[erlang-questions] security concerns

Serge Aleynikov serge@REDACTED
Sat Apr 5 19:01:56 CEST 2014


There's a patch available that partly addresses this issue of secure
multi-protocol support of nodes using SSL between data centers (
https://github.com/erlang/otp/pull/121), and non-secure communication on a
local network.

Though rejected for inclusion in OTP in its current form (
http://erlang.org/pipermail/erlang-patches/2014-January/004523.html), the
gradual introduction of these features is still on the radar.

Serge


On Fri, Apr 4, 2014 at 9:44 AM, Miles Fidelman
<mfidelman@REDACTED>wrote:

> John Kemp wrote:
>
>> On 04/04/2014 08:10 AM, Arif Ishaq wrote:
>>
>>> I just saw a post by Carlos-Trigoso on the security, or rather lack
>>> thereof in Erlang
>>> (http://carlos-trigoso.com/2014/03/04/security-taken-lightly/) .
>>>
>>> It seems like a fair evaluation.
>>>
>>
>> I would suggest that it is _not_ a fair evaluation.
>>
>> As Loïc mentioned, name any language or OS environment that does
>> something like what the author suggests for Erlang?
>>
>
> Well.... Fabric comes to mind: http://web.mit.edu/fabric_v0.2.0/fabric.pdf,
> so does E (erights.org).  As does a LOT of work in the areas of secure
> distributed operating systems, distributed agent systems, and such.
>
> I guess you could also look at various web service platforms.
>
> On the other hand, Erlang stands alone as a mature, proven, in-production
> distributed run-time environment for highly concurrent systems - so it's
> not clear that comparisons to other languages or operating system
> environments apply.
>
>
>> But more than that, why would protocols for connecting nodes inside of a
>> network be the same as protocols used between data-centres, particularly
>> when connections between data centres will possibly go across networks not
>> owned by the owner of the data centres?
>>
>>  Am I wrong, but I wasn't under the impression that Erlang's distributed
> processing functions are only for connecting nodes inside a data center.
>
> Miles Fidelman
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.   .... Yogi Berra
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140405/5265157a/attachment.htm>


More information about the erlang-questions mailing list