[erlang-questions] re crappy security (RE: Erlang presentation slides)

Ulf Wiger (TN/EAB) <>
Thu Jun 7 10:45:55 CEST 2007


I didn't mention running distributed Erlang
over ssl, since I was under the impression that 
it's not officially supported, but perhaps it is?

BR,
Ulf W 

> -----Original Message-----
> From: Fredrik Thulin [mailto:] 
> Sent: den 7 juni 2007 10:17
> To: Ulf Wiger (TN/EAB)
> Cc: Toby DiPasquale; 
> Subject: Re: [erlang-questions] re crappy security (RE: 
> Erlang presentation slides)
> 
> Ulf Wiger (TN/EAB) wrote:
> >  
> > Just one comment,
> > 
> > It is often highlighted that Erlang's cookie-based security 
> model is 
> > not suitable for open networks (this is true), but it's not often 
> > mentioned how easy it is to roll your own rpc on top of 
> just about any 
> > transport protocol.
> 
> What's so crappy with shared secret if you use -proto_dist inet_ssl?
> 
> Or is the crap that you can execute arbitrary code on remote 
> nodes, given that you know the shared secret? This I would 
> agree with, I think... It's a two edged sword.
> 
> /Fredrik
> 
> 



More information about the erlang-questions mailing list