Re: Ada/GNAT/AWS-friendly web hosting

["Randy Brukardt" <randy@rrsoftware.com>]

"Lawrence D'Oliveiro" <ldo@nz.invalid> wrote in message 
news:vbvqb7$esm6$11@dont-email.me...
> On Thu, 12 Sep 2024 19:06:08 +0200, J-P. Rosen wrote:
>
>> But security breaches mainly use known bugs in Apache... If you write
>> your own server with AWS, the attacker knows nothing about the software
>> that answers!
>
> That's called "security through obscurity". Not recommended.

That's the wrong way to look at it. An Ada program is better thought of as 
"security by simplicity and correctness", because you are running an Ada 
that only does a few things (and which can be throughly tested, checked with 
static analysis, and so on) rather than a general program that does a 
zillion things (with many combinations that can't be tested).

The only place "obscurity" comes into it is that no one else is running the 
exact same program as you. So attacks that depend on any sort of knowledge 
of the program cannot succeed.

In any case, there is no such thing as "secure", there are only levels, and 
for the sorts of non-critical stuff that we're doing, an Ada program is 
certainly secure enough. I wouldn't try to run a storefront on it (although 
that would be more because you'd have a hard time convincing your bank that 
it is OK than any real problems), or anything that needs high-level 
security.

                  Randy.