security and OTP based apps.

Niall Dalton ndalton@REDACTED
Tue May 6 11:37:59 CEST 2003


Hello,

I'm thinking of using Erlang (and OTP libs) to build a 
highly-concurrent distributed application. I'd like to have 
supervisors starting processes on remote nodes, hot-code 
swapping and so on. All this seems much easier and more practical 
in Erlang than other languages.

My only real question before starting on a prototype is on security.
The application would be accessible from the Internet. I have read a 
bit about setting the cookies, but also that "the user must be allowed
to rsh to the remote hosts without being prompted for a password" (using
whatever mechanisms rsh uses for this).
 
Not being a security guy, I'm not sure how what the risks in practice
are for this kind of thing. Are there any documents on securing Erlang
based applications that are exposed to the Internet? I'd be grateful
for any pointers on useful related information.

Best regards,
niall



------------------------------

This e-mail is intended for the named addressee only.  It may contain confidential and/or privileged information.  If you have received this message in error, please let us know and then delete this message from your system.  You should not copy the message, use it for any purpose or disclose its contents to anyone.


________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________



More information about the erlang-questions mailing list