[erlang-questions] Miller's oversight

Vlad Dumitrescu
Mon Mar 26 09:00:41 CEST 2007


Hi,

> Re: Erlang process id forgeability

Just a related idea: another approach (that is in use here and there)
would be that when a process sends its pid to a peer, it would also
send a unique reference. The reference is unforgeable [*] and will
serve as identification. If this mechanism is used throughout the
system, I believe it would work - but I am known to have been wrong
before :-)

[*] Regarding unforgeability (also by removing list_to_pid/1): even
binary_to_term and term_to_binary should be disabled and also C/Java
clients that have access to the internal representation and could send
a remote message with faked data.

best regards,
Vlad
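
The pid-plus-reference scheme described above, as an added example that is not part of the original post. The module name ref_cap, the function names and the message shapes are assumptions made for illustration; the service acts only on requests that carry the reference it issued at start-up.

```erlang
-module(ref_cap).
-export([start/0, call/2, demo/0]).

%% Start the service. The caller gets {Pid, Ref}: the pid says where to send,
%% the reference from make_ref/0 is the identification token.
start() ->
    Parent = self(),
    Pid = spawn(fun() ->
                    Token = make_ref(),
                    Parent ! {started, self(), Token},
                    loop(Token, 0)
                end),
    receive {started, Pid, Ref} -> {Pid, Ref}
    after 1000 -> erlang:error(timeout)
    end.

%% Ref is already bound here, so the first two clauses match only messages
%% that carry exactly the issued reference.
loop(Ref, Count) ->
    receive
        {call, From, Tag, Ref, bump} ->
            From ! {Tag, {ok, Count + 1}},
            loop(Ref, Count + 1);
        {call, From, Tag, Ref, _Unknown} ->
            From ! {Tag, {error, unknown_request}},
            loop(Ref, Count);
        {call, From, Tag, _WrongRef, _Req} ->
            From ! {Tag, {error, bad_reference}},
            loop(Ref, Count)
    end.

%% Send a request together with the reference and wait for the tagged reply.
call({Pid, Ref}, Req) ->
    Tag = make_ref(),
    Pid ! {call, self(), Tag, Ref, Req},
    receive {Tag, Reply} -> Reply
    after 1000 -> {error, timeout}
    end.

demo() ->
    {Pid, Ref} = start(),
    {ok, 1} = call({Pid, Ref}, bump),
    %% Knowing only the pid (here rebuilt with list_to_pid/1) is not enough.
    PidOnly = list_to_pid(pid_to_list(Pid)),
    {error, bad_reference} = call({PidOnly, make_ref()}, bump),
    %% The footnote's caveat: a reference survives the external term format,
    %% so the scheme holds only if nobody untrusted can construct those bytes.
    Ref = binary_to_term(term_to_binary(Ref)),
    ok.
```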


