Checking a Publicly exposed pointer will not cause a problem
The developers here have written some code in C# that exposes public pointers - FxCop picked that up. The pointers are all of the type IntPtr, which I understand points to unmanaged memory and is dangerous. I need to convince the developers that they need to make the pointer references private; the trouble is, unless the guys see something nasty happening they won't bother to make the change. While the issue may not be too much of a problem while we only have a Windows interface - the application users are unlikely to have the knowledge to abuse the hole. If we develop a web interface and users access the application over the internet, I believe the vulnerability could be exploited. Any ideas how I can prove to the heathen developers that this issue is rather serious?
Re: Checking a Publicly exposed pointer will not cause a problem
Document the vulnerability in the risk section of a plan or other official document. Include risk analysis data. Get signoff by one or more empowered individuals. A "battle" to convince someone is not easily "won". All tend to lose.
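The pattern the question describes, as an added example that is not part of the original posts: a writable public IntPtr field (what FxCop's "Pointers should not be visible" rule, CA2111, reports) beside a version that keeps the pointer in a private SafeHandle. All class and member names here are hypothetical.

```csharp
using System;
using System.Runtime.InteropServices;

// Flagged pattern: a writable IntPtr field visible outside the class.
public sealed class ExposedBuffer : IDisposable
{
    public IntPtr Buffer;   // any code holding the object can repoint this
    public ExposedBuffer(int size) { Buffer = Marshal.AllocHGlobal(size); }
    public byte ReadFirst() { return Marshal.ReadByte(Buffer); }  // trusts the field
    public void Dispose() { Marshal.FreeHGlobal(Buffer); Buffer = IntPtr.Zero; }
}

// Hardened: the allocation is owned by a SafeHandle that callers never see.
internal sealed class HGlobalHandle : SafeHandle
{
    public HGlobalHandle(int size) : base(IntPtr.Zero, true)
    { SetHandle(Marshal.AllocHGlobal(size)); Marshal.Copy(new byte[size], 0, handle, size); }
    public override bool IsInvalid { get { return handle == IntPtr.Zero; } }
    protected override bool ReleaseHandle() { Marshal.FreeHGlobal(handle); return true; }
}

public sealed class OwnedBuffer : IDisposable
{
    private readonly HGlobalHandle _buffer;   // not reachable from outside
    private readonly int _size;
    public OwnedBuffer(int size) { _size = size; _buffer = new HGlobalHandle(size); }
    public byte ReadAt(int offset)
    {
        // Bounds are checked here, so callers supply an offset, never an address.
        if (offset < 0 || offset >= _size) throw new ArgumentOutOfRangeException("offset");
        bool added = false;
        try { _buffer.DangerousAddRef(ref added); return Marshal.ReadByte(_buffer.DangerousGetHandle(), offset); }
        finally { if (added) _buffer.DangerousRelease(); }
    }
    public void Dispose() { _buffer.Dispose(); }
}

public static class Demo
{
    public static void Main()
    {
        var exposed = new ExposedBuffer(16);
        IntPtr original = exposed.Buffer;
        exposed.Buffer = IntPtr.Zero;  // compiles: outside code now decides what ReadFirst/Dispose touch
        exposed.Buffer = original;     // restored so the demo frees the real allocation
        exposed.Dispose();
        using (var owned = new OwnedBuffer(16)) { Console.WriteLine(owned.ReadAt(0)); }  // prints 0
    }
}
```

The assignment to `exposed.Buffer` is the point to show in a review: the equivalent line against `OwnedBuffer` does not compile, because no pointer-typed member is accessible.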