[erlang-questions] Security For TLS Distribution

Guilherme Andrade g@REDACTED
Sat Feb 3 17:44:49 CET 2018


Hi,

On 2 February 2018 at 21:57, asdf asdf <codewiget95@REDACTED> wrote:

> I am working on the final deployment push. Since we are hosting some
> servers at AWS and some in another location, and we would like to cluster
> our nodes and use rpc’s, we added distribution over TLS. From my
> understanding, this changes the standard Erlang rpc’s to use TLS
> connections rather than standard TCP.
>
> From this article on erlang-solutions.com:
> https://www.erlang-solutions.com/blog/erlang-distribution-over-tls.html it is
> noted that a next concern is epmd, and how it is a security concern as its
> connection is over TCP.
>
> How should we address this? Is there a fix? And are there any other
> security concerns that need addressing before connecting nodes across
> multiple data centers?
>

I was faced with a similar problem some time ago. Because of all the
gotchas and potential pitfalls I encountered (which, unfairly, I can no
longer recall with clarity), I decided instead to go with RPC that doesn't
depend on distribution.

For this, I created backwater[1], as most common RPC solutions require a
lot of boilerplate type conversions and/or maintenance. It can generate the
client code boilerplate necessary to call remote modules, and it uses the
external term format[2] for both function arguments and return values.
Depending on what sort of data you want to be passing around, this might be
a good fit.

But hopefully someone else will be able to answer your actual question
instead of dabbling in self-promotion :-).

[1]: https://github.com/g-andrade/backwater
[2]: http://erlang.org/doc/apps/erts/erl_ext_dist.html