[erlang-questions] How safe is it to leave an open SSL port on the public internet?
Tue Aug 29 15:26:19 CEST 2017
I have been looking on CVE at security vulnerabilities for Erlang here : https://www.cvedetails.com/vulnerability-list/vendor_id-9446/Erlang.html <https://www.cvedetails.com/vulnerability-list/vendor_id-9446/Erlang.html> to assess the risks posed to Erlang servers.
Based on the information on these sites, it seems that Erlang’s OTP 19+ is very “secure” and isn’t vulnerable to any buffer overflow/stack smashing/heap smashing attacks. Would you feel comfortable leaving a open SSL port using no peer certificates on the public internet?
For example, using a gen_server, do you think it is possible to handle all calls/casts/info’s properly without posing a risk to your system? Is there anything you would do special when your system was open to the public internet?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions