[erlang-questions] Supporting a port number in spawn/4

Grzegorz Junka list1@REDACTED
Tue Oct 22 09:54:13 CEST 2019

On 21/10/2019 21:25, Amit K wrote:
> Hi all,
> I am very new to Erlang, am considering to use it in a project and I 
> have some security concerns.
> I can see it's quite easy to configure TLS for the node-to-node 
> communication, but making the name-to-port resolution service (epmd) 
> secure seem a bit too complex to me, such as the one suggested here: 
> https://www.erlang-solutions.com/blog/erlang-and-elixir-distribution-without-epmd.html
> So I was thinking, seeing that there are already options to:
> 1. Start a distributed node without epmd (-start_epmd false)
> 2. Limit a node's port numbers to a specific range (via 
> inet_dist_listen_min &inet_dist_listen_max).
> Wouldn't it be nice if we could also specify a predefined port to 
> spawn/4, to complete that picture? That is allow spawn to look like:
> spawn("Name@REDACTED:Port", Mod, Func, ArgList).
> Then when spawn sees that a port was provided, it can completely skip 
> the "epmd resolution" part and proceed with connecting to the target 
> node via the provided port.
> Note: I realize that the "Name" becomes slightly redundant when the 
> Port is explicit. However this can still be useful - it would be good 
> if the implementation will also verify that the port belongs to the 
> provided name at the receiving side, so that a node will not 
> accidentally process a message that wasn't meant for it.
> Again, I'm a complete newbie to Erlang in general, so I may be missing 
> something essential here :) But I would love to know what that is, if 
> that's the case, or hear your thoughts in general otherwise :)

Hi Amit,

There is also another option, run any communication between nodes via IP 
tunnels <https://en.wikipedia.org/wiki/IP_tunnel>. There are some tools 
to automate that 
They are mostly used between docker containers or pods but it's just a 
detail, equally well they can support a microarchitecture build on 
Erlang nodes.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20191022/be1ac5ce/attachment.htm>

More information about the erlang-questions mailing list