[erlang-questions] re crappy security (RE: Erlang presentation slides)
Ulf Wiger (TN/EAB)
Thu Jun 7 10:45:55 CEST 2007
I didn't mention running distributed Erlang
over ssl, since I was under the impression that
it's not officially supported, but perhaps it is?
> -----Original Message-----
> From: Fredrik Thulin [mailto:ft@REDACTED]
> Sent: den 7 juni 2007 10:17
> To: Ulf Wiger (TN/EAB)
> Cc: Toby DiPasquale; erlang-questions@REDACTED
> Subject: Re: [erlang-questions] re crappy security (RE:
> Erlang presentation slides)
> Ulf Wiger (TN/EAB) wrote:
> > Just one comment,
> > It is often highlighted that Erlang's cookie-based security
> model is
> > not suitable for open networks (this is true), but it's not often
> > mentioned how easy it is to roll your own rpc on top of
> just about any
> > transport protocol.
> What's so crappy with shared secret if you use -proto_dist inet_ssl?
> Or is the crap that you can execute arbitrary code on remote
> nodes, given that you know the shared secret? This I would
> agree with, I think... It's a two edged sword.
More information about the erlang-questions