Security Portal: Variable Pointers and SecurityOct 25, 2000, 07:22 (1 Talkback[s])
(Other stories by Ronald Mendell)
"If a programmer works with primarily static, homogenous data, then variable pointers may not be necessary. But with dynamic data, accessing that information effectively by the program may not be possible without pointers to dynamic memory locations...."
"What security risks arise when pointers get changed and data remaining in memory cells becomes forgotten? Obviously, in systems with robust data turnover, the question may be moot. But in processing environments where dormant accounts are the norm, unmapped data residing in memory or in disk storage systems creates formidable security problems."
"First, proprietary data may hold over in storage devices whose permissions could change without anyone knowing sensitive data still remains. Unauthorized individuals suddenly have access rights to data beyond their security clearances. For example, executive salaries may be accessible by accounting clerks if disk storage is reused with a lower permission level."