comp.lang.ada
From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Embedded Keynote Speaker Mentions Ada
Date: Thu, 23 Sep 2004 17:19:04 -0500
Message-ID: <5uqdnVWez_8P1s7cRVn-sw@megapath.net>
In-Reply-To: eIn4d.3914$d5.30556@newsb.telia.net

"Björn Persson" <spam-away@nowhere.nil> wrote in message
news:eIn4d.3914$d5.30556@newsb.telia.net...
Jeffrey Carter wrote:

>> www.AdaIC.com and archive.AdaIC.com run on a server with the web server
>> software written in Ada. According to Randy B, everything that goes
>> around on the internet has attacked the server, but nothing has
>> succeeded in over 3 years.

>Well, it's hardly surprising that a worm written for a certain
>vulnerability in Microsoft Internet Information Server can't hurt a
>totally different server.

True enough, but that's part of the point. Servers like IIS and Apache try
to be all things to all people by supporting various plugins and dynamic
configurations. These same features are often hijacked for malicious uses.
By doing the configuration at compile-time, and by avoiding support for
plugins and other dangerous options, the server is necessarily much more
secure. For instance, it isn't possible to cause the server to run a shell,
because there is no code in the server that can run any other program. Thus,
it is simply impossible to hijack it that way.

Of course, that's not specific to Ada. What has helped about Ada is that
errors can be trapped, logged, and then the task can continue to operate.
That's kept the server running even when it has had fairly significant bugs
(especially in handling malicious input). Those bugs could very well have
turned into a vulnerability in another programming language, but Ada's
checks caught the problems and raised exceptions before any real damage
could occur.

Of course, Ada is no silver bullet here. It's still necessary to pay close
attention to things like file traversal errors, and it's certainly possible
that the server contains some sort of vulnerability. I would never say it
was impossible to crack, because that only encourages people to try (ask
Oracle about their vulnerability-free database...).

                          Randy.
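
The trap-log-continue behaviour and the file traversal caveat described in the message above, as an added Ada example that is not part of the original post and is not the AdaIC server's code. The request format, the 32-character path limit and every name in it are assumptions made for illustration, and a sequence of plain calls stands in for the server's task.

```ada
with Ada.Text_IO;       use Ada.Text_IO;
with Ada.Exceptions;    use Ada.Exceptions;
with Ada.Strings.Fixed; use Ada.Strings.Fixed;

procedure Trap_And_Continue is
   --  Hypothetical names and limits; not the AdaIC server's code.
   subtype Path_Length is Natural range 0 .. 32;
   type Request is record
      Length : Path_Length := 0;
      Path   : String (1 .. Path_Length'Last);
   end record;
   Traversal : exception;
   Served, Rejected : Natural := 0;

   --  Buggy on purpose: no length validation. An oversized path fails the
   --  range check on Length and raises Constraint_Error before any copy.
   function Parse (Line : String) return Request is
      Text : constant String := Line (Line'First + 4 .. Line'Last);
      R    : Request;
   begin
      R.Length := Text'Length;
      R.Path (1 .. R.Length) := Text;
      return R;
   end Parse;

   procedure Handle (Line : String) is
      R : Request;
   begin
      R := Parse (Line);
      --  Language checks do not know what ".." means, so this test is
      --  explicit and conservative: any path containing ".." is refused.
      if Index (R.Path (1 .. R.Length), "..") > 0 then
         raise Traversal;
      end if;
      Put_Line ("200 " & R.Path (1 .. R.Length));
      Served := Served + 1;
   exception
      when E : others =>
         --  Trap, log, and return so the caller takes the next request.
         Put_Line ("LOG " & Exception_Name (E) & ", input length"
                   & Natural'Image (Line'Length));
         Rejected := Rejected + 1;
   end Handle;
begin
   Handle ("GET /index.html");                   --  constructed samples
   Handle ("GET /" & String'(1 .. 200 => 'A'));  --  oversized path
   Handle ("GET /../private.txt");               --  traversal attempt
   Handle ("GET /standards.html");
   Put_Line ("served" & Natural'Image (Served)
             & ", rejected" & Natural'Image (Rejected));
end Trap_And_Continue;
```

The oversized request is stopped by a language-defined check that the parser's author never wrote, while the traversal request passes every language check and is refused only because of the explicit test.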







