[erlang-questions] re crappy security (RE: Erlang presentation slides)

Fredrik Thulin <>
Thu Jun 7 10:17:26 CEST 2007


Ulf Wiger (TN/EAB) wrote:
>  
> Just one comment,
> 
> It is often highlighted that Erlang's cookie-based
> security model is not suitable for open networks
> (this is true), but it's not often mentioned how 
> easy it is to roll your own rpc on top of just about
> any transport protocol.

What's so crappy with shared secret if you use -proto_dist inet_ssl?

Or is the crap that you can execute arbitrary code on remote nodes, 
given that you know the shared secret? This I would agree with, I 
think... It's a two edged sword.

/Fredrik




More information about the erlang-questions mailing list