From mboxrd@z Thu Jan  1 00:00:00 1970
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Kevin Chadwick <kc-usenet@chadwicks.me.uk>
Newsgroups: comp.lang.ada
Subject: Re: Ada/GNAT/AWS-friendly web hosting
Date: Thu, 12 Sep 2024 17:16:29 -0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <vbv7ld$blbq$1@dont-email.me>
References: <vbutl5$8a99$5@dont-email.me> <vbuvbl$nsk$1@rasp.pasdenom.info>
 <vbv71v$b2ac$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 12 Sep 2024 19:16:30 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="95b95ed420df66af713a8e6968a59be8";
	logging-data="382330"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/S23aQjWBMz5VqY+u8Bw4qWdeZdpETGQA="
User-Agent: PhoNews/3.13.3 (Android/14)
Cancel-Lock: sha1:MoU8TakpdzV8pIkvJcSQokbbDhY=
In-Reply-To: <vbv71v$b2ac$1@dont-email.me>
Xref: news.eternal-september.org comp.lang.ada:66349
List-Id: <comp.lang.ada>


>> This way, the security stuff is manage by the front end, not your 
>> application. You can also run multiple applications, each being 
>> redirected to its domain name/path.
>But security breaches mainly use known bugs in Apache... If you write 
>your own server with AWS, the attacker knows nothing about the software 
>that answers! And as for buffer overflows attacks... well, it's Ada. 
>You'll see some handled Constraint_Error in the log file, end of story!

AWS uses OpenSSL or a fair bit better LibreSSL for TLS, written in C and
 quite often found vulnerable. You could isolate the nginx proxy to another
 machine though.


-- 
Regards, Kc