From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Ada/GNAT/AWS-friendly web hosting
Date: Sat, 14 Sep 2024 01:38:16 -0500
Organization: A noiseless patient Spider

"Lawrence D'Oliveiro" wrote in message news:vbvqb7$esm6$11@dont-email.me...
> On Thu, 12 Sep 2024 19:06:08 +0200, J-P. Rosen wrote:
>
>> But security breaches mainly use known bugs in Apache... If you write
>> your own server with AWS, the attacker knows nothing about the software
>> that answers!
>
> That's called "security through obscurity". Not recommended.

That's the wrong way to look at it. An Ada program is better thought of as "security by simplicity and correctness", because you are running an Ada that only does a few things (and which can be thoroughly tested, checked with static analysis, and so on) rather than a general program that does a zillion things (with many combinations that can't be tested).

The only place "obscurity" comes into it is that no one else is running the exact same program as you. So attacks that depend on any sort of knowledge of the program cannot succeed.

In any case, there is no such thing as "secure", there are only levels, and for the sorts of non-critical stuff that we're doing, an Ada program is certainly secure enough. I wouldn't try to run a storefront on it (although that would be more because you'd have a hard time convincing your bank that it is OK than any real problems), or anything that needs high-level security.

Randy.