[erlang-questions] Securing Erlang internals

Richard Andrews bbmaj7@REDACTED
Tue Mar 25 12:54:41 CET 2008


I've been asked to do such things with python which has similar problems and
IMO there is no security to be gained from doing such a thing. You will make
life uncessarily difficult for yourself (troubleshooting) and the customer.

If the knowledge of internals of the client is sufficient to allow an attack on
the server then there is no security in the application.

It sounds to me like this is about intellectual property concerns rather than
security.

--- Mikl Kurkov <mkurkov@REDACTED> wrote:
> 
> In my current project I have a client part that will be deployed to untrusted
> computers,
> and I'm thinking about the ways of closing Erlang node internals from
> inspection.
> Now it's too easy to load some beams to erlang, run module_info and try to
> run some interesting funs.
> I understand that it's not possible to make it totaly secured as we have got
> access to machine internals,
> but I would like to make it not so easy as it is.
> Ideally it should look like ordinal compiled program and to understand it
> internals you will have
> to disasm it.



      Get the name you always wanted with the new y7mail email address.
www.yahoo7.com.au/y7mail





More information about the erlang-questions mailing list