[erlang-questions] Shortnames

Lev Walkin
Mon Feb 2 15:32:07 CET 2009


Short names are not any more secure than long names. They're just 
shorter and thus a bit more easily transferable between different 
installations, such as development/testing/staging/production.

Zvi wrote:
> Hi,
> 
> Is using shortnames in distributed Erlang more secure than longnames? I.e.
> even if an intruder guessed the cookie, he/she still will not be able to connect
> from a different subnet.

Users will be able to connect from a different subnet even in a short-names 
configuration. To disable the ability to accept connections from non-local 
networks, one should pass the "-kernel check_ip true" option to `erl` during 
VM start.

> Also, I heard that some high-profile projects do not use distribution at
> all, replacing it with a custom RPC mechanism like [1]. Are there any
> reasons besides security for this?

Besides security, I heard of another reason: not being sure about the 
performance, scalability and reliability properties of standard 
internode communication. In my view, using AMQP should be a more natural 
next step than rolling out custom RPC in such a case (if security is not 
the primary concern of going away from native RPC).

> Thanks in Advance,
> Zvi
> 
> [1]
> %% It is very easy to roll your own RPC:
> call(Sock, M, F, A) ->
>     %% Encode the call as one {M, F, A} tuple
>     gen_tcp:send(Sock, erlang:term_to_binary({M, F, A})).
> 
> %% TODO
> 
> %% Then at the other end:
> loop(Sock, Allowed_funcs) ->
>     receive
>         {tcp, Sock, Data} ->
>             case erlang:binary_to_term(Data) of
>                 {M, F, A} when is_list(A) ->
>                     %% Apply only calls whose {Module, Function, Arity} is allowed
>                     case lists:member({M, F, length(A)}, Allowed_funcs) of
>                         true ->
>                             apply(M, F, A);
>                         false ->
>                             ignore
>                     end;
>                 _ -> ignore
>             end
>     end,
>     loop(Sock, Allowed_funcs).
> 

I assume this is just a proof of concept [pseudo]code. This exact loop 
won't work reliably in practice due to TCP segmentation semantics.

-- 
Lev Walkin



