[erlang-questions] re crappy security (RE: Erlang presentation slides)
Fredrik Thulin
ft@REDACTED
Thu Jun 7 10:17:26 CEST 2007
Ulf Wiger (TN/EAB) wrote:
>
> Just one comment,
>
> It is often highlighted that Erlang's cookie-based
> security model is not suitable for open networks
> (this is true), but it's not often mentioned how
> easy it is to roll your own rpc on top of just about
> any transport protocol.
What's so crappy with shared secret if you use -proto_dist inet_ssl?
Or is the crap that you can execute arbitrary code on remote nodes,
given that you know the shared secret? This I would agree with, I
think... It's a two edged sword.
/Fredrik
More information about the erlang-questions
mailing list