[erlang-patches] What's cooking in erlang/otp (2010-03-22)

Ulf Wiger ulf.wiger@REDACTED
Mon Mar 22 23:28:59 CET 2010


Musumeci, Antonio S wrote:
> 
>> "Almost secure" is not any better than "definitely not secure". You
>> > still cannot allow untrusted nodes to connect. (To reach the
>> level > of complete security is very hard for a protocol that was
>> not designed for that in the beginning.)
> 
> If this is true why support cookies at all? Why complicate the code
> with basic authentication when if you don't want two nodes possibly
> connecting to one another an individual just shouldn't start them in
> networking mode. Why have the allowed list? Or protections for ETS
> tables? Or keep around the "connected" process port info.

One reason is that you can protect against different systems
/accidentally/ connecting to each other. One example where that can
be very handy is when doing "redundancy upgrades" of a system;
while the two halves of a system are running mutually incompatible
versions of the software, or e.g. different versions of the database
schema, you really don't want them to connect. In that case, you
can ensure that they don't by changing the cookie on one side.
For this scenario, cookie-based authentication is perfectly adequate,
since the nodes involved are known to be benign.

There are many good reasons to maintain a basic level of security,
even if it doesn't protect against malicious attacks.

BR,
Ulf W
-- 
Ulf Wiger
CTO, Erlang Solutions Ltd, formerly Erlang Training & Consulting Ltd
http://www.erlang-solutions.com
---------------------------------------------------

---------------------------------------------------

WE'VE CHANGED NAMES!

Since January 1st 2010 Erlang Training and Consulting Ltd. has become ERLANG SOLUTIONS LTD.

www.erlang-solutions.com



More information about the erlang-patches mailing list