From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Anybody in US using ADA ? New language competition? (long)
Date: Mon, 6 Jan 2003 14:47:57 -0600

Wes Groleau wrote in message ...
>If you make a new web server, it still has to interoperate with
>most of the things other webservers work with, or it won't get
>used. And it isn't being used, is it? Sure, by Ada fans, but
>that's not the point.

That's a lousy example. If you "interoperate" with those other things, (i.e. plugins and CGIs), you're also bringing in the intractable security problems of those other things.

That's precisely why I updated Tom Moran's web server to use for our AdaIC backup server. It doesn't know how to execute another program (and never will), so no one will ever be able to use it to launch Cmd.Exe, no matter what garbage it is given. And most of the other security problems you hear about can't happen, either.
The only thing it writes is log files, so an attacker can't use it to create files, either, no matter what they do. About the worst that can happen is that they could use it to cause a denial-of-service -- and given that it uses a set of Ada tasks, even that would be fairly difficult.

Of course, it has to understand HTTP and make log files that analyzer programs recognize, but the first is the definition of "web server" and the latter is trivial.

But, all of that said, I think your basic point is correct.

Randy Brukardt.