[erlang-questions] re crappy security (RE: Erlang presentation slides)

Fredrik Thulin ft@REDACTED
Thu Jun 7 10:17:26 CEST 2007

Ulf Wiger (TN/EAB) wrote:
> Just one comment,
> It is often highlighted that Erlang's cookie-based
> security model is not suitable for open networks
> (this is true), but it's not often mentioned how 
> easy it is to roll your own rpc on top of just about
> any transport protocol.

What's so crappy with shared secret if you use -proto_dist inet_ssl?

Or is the crap that you can execute arbitrary code on remote nodes, 
given that you know the shared secret? This I would agree with, I 
think... It's a two edged sword.


More information about the erlang-questions mailing list