Why pointer concept is unsecured???

Replies

• 

  Leo

  HI MOHIT you might know that while performing operations on data, data is stored in virtual stack, but this virtual stack does has some physical memory address and pointers are capable of directly going to any specified address. If you can write a program to detect how many current stacks are there and which program is using that stack, you can easily get logical address of any variable data in that stack. Now with help of pointers you are capable of changing address of variable stored in stack without altering original running program, this type of altering may crash the running program by over use of memory.
  And suppose you are a hacker and want to hack my PC while i am online and you have good knowledge about my system and now you want to run some malicious code in my system. Then you know program runs in a way compile, load and go. You will send me a compiled program without my knowledge and then load that in memory but it will never reach go state without my permission and off course i don't know about your program I'll not run it and even if i came to know I'll not run it thinking it might be malicious. So you will check for running ports in my PC and detect the service daemon running behind that port and which program is using it with help of that you will get logical address from where running program is calling another program and you will replace that address by address of your own program and like this you can run malicious code on my PC without my knowledge.
  This much things occur when you really alter anything online but they never appear as done because there are automated tools available to do them.
  Above is one of the most basic example there are many such threats, rest is left to your imagination. I tried to explain things without going in too much detail, i hope they are very simple for you to understand since you are also a Computer Engineer.Happy Computing.
• 

  Leo

  Hi Mohit i visited your blog and it is really cool, by reading your articles i think you are a power user of computer. By the way i am not satisfied by your quotes "If hacking== reverse engineering" don't do this. So far as i know before computers evolved to bigger level Electrical and Electronic Engineers used to modify circuits so as to make equipments work better than before, they use to call this as circuit hack. Later on when computer became more than just a hardware for common people software geeks applied same methods to tweak computer codes. Later on altering electronic devices for modification was termed as Reverse Engineering and the persons expert in computer hardware as well as software were termed as Hackers. Later development of Internet lead to more powerful computer professionals and then Hackers got there todays definition(A person with good knowledge of computer hardware, software, Internet and computer security is known as Hacker).By the way this definition always remained among Computer Professionals because movies and media always portrayed hacker as criminal. Even today Certified Hackers use tools and experience to scan security of systems and provide necessary solution to security related problems which again is a Reverse Engineering. So as per me hacking since got its name, it was always a Reverse Engineering Process and even today it is nothing but a reverse engineering to make things work better.
• 

  sushant005

  I think pointer is the concept through which we can directly access the address so it not secured if we are directly accessing the address and one thing also that the memory management .There is a concept of the explicit pointer in c or c++ so it is very difficult for the programmer to manually allocate and deallocate all the memory at the run-time to avoid this here is concept of garbage collector in Java programming used for managing the allocation and deallocation of memory.
• 

  Whats In Name

  By the use of pointer you can access the address of any data,can over-write it and by doing this,the real information can be changed,thus no security.
  
  *Correct me Please,If I am wrong*