From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,103b407e8b68350b
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2003-01-08 12:17:53 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!nntp.cs.ubc.ca!news-feed.riddles.org.uk!sn-xit-03!sn-xit-01!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: "Randy Brukardt" <randy@rrsoftware.com>
Newsgroups: comp.lang.ada
Subject: Re: Anybody in US using ADA ? New language competition? (long)
Date: Wed, 8 Jan 2003 14:12:59 -0600
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <v1p1qiniqh2t6d@corp.supernews.com>
References: <auuu42$7be$1@slb9.atl.mindspring.net>
 <VfKQ9.193788$qF3.13607@sccrnsc04> <av1c7j$ctl$1@slb3.atl.mindspring.net>
 <3E148004.5000408@cogeco.ca> <av2tk2$d3e$1@slb9.atl.mindspring.net>
 <3E15CF31.1020900@cogeco.ca> <av6sqg$hoe$1@slb5.atl.mindspring.net>
 <PDhS9.214$Z74.885@dfw-service2.ext.raytheon.com>
 <v1jr6cllavm407@corp.supernews.com>
 <VpAS9.2349$c6.2594@bos-service2.ext.raytheon.com>
 <v1m98cprbu23dd@corp.supernews.com> <3E1B713F.D194E2D@adaworks.com>
X-Newsreader: Microsoft Outlook Express 4.72.3612.1700
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3719.2500
X-Complaints-To: abuse@supernews.com
Xref: archiver1.google.com comp.lang.ada:32766
Date: 2003-01-08T14:12:59-06:00
List-Id: <comp.lang.ada>

Richard Riehle wrote in message <3E1B713F.D194E2D@adaworks.com>...
>Randy Brukardt wrote:
>
>> But all that said, it would be hard to market YAWS (Yet Another Web
>> Server), even if it was highly secure. It would also have to have
better
>> performance than anything built directly on top of Windows sockets
can.
>> So, I don't currently have any intention to market or even make
>> available the web server I wrote.
>
>At NPS we have some serious efforts going on where students
>are researching opportunities for more secure web servers along
>with other approaches to computer security.   I would be interested
>in using your code to set up a laboratory experiment for one of
>our labs and invite students to hack into the server.   If it proves
>to be as secure as you suggest, I think it could make a real
>contribution to the computer security program.


I'm afraid it's not particularly new. It just embodies rules number 1
and 2 about security: #1 Don't run anything you don't need; #2 Have
multiple layers of security. #1 is handled by using the simple Ada
server; and #2 is handled by using a hardware router to insure that
requests other than the ones we're prepared to handle are never given to
the machine. (That's critical, given that I'm running on a Windows
machine, which I must assume is insecure. But if you can't talk to the
OS, that doesn't matter as much.)

Anyway, we should take this off-line.

             Randy.