[erlang-questions] How safe is it to leave an open SSL port on the public internet?

code wiget <>
Tue Aug 29 15:26:19 CEST 2017


Hello,

I have been looking on CVE at security vulnerabilities for Erlang here : https://www.cvedetails.com/vulnerability-list/vendor_id-9446/Erlang.html <https://www.cvedetails.com/vulnerability-list/vendor_id-9446/Erlang.html> to assess the risks posed to Erlang servers.


Based on the information on these sites, it seems that Erlang’s OTP 19+ is very “secure” and isn’t vulnerable to any buffer overflow/stack smashing/heap smashing attacks. Would you feel comfortable leaving a open SSL port using no peer certificates on the public internet?

For example, using a gen_server, do you think it is possible to handle all calls/casts/info’s properly without posing a risk to your system? Is there anything you would do special when your system was open to the public internet?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20170829/59faff11/attachment.html>


More information about the erlang-questions mailing list