<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 21/10/2019 21:25, Amit K wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CABZ9TFSht5MhnAKnhY3qoCCt1kFPb38eyF=tfGc8_+MXddQ99A@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hi all,
<div><br>
</div>
<div>I am very new to Erlang, am considering using it in a
project and I have some security concerns.</div>
<div>I can see it's quite easy to configure TLS for the
node-to-node communication, but making the name-to-port
resolution service (epmd) secure seems a bit too complex to me,
such as the one suggested here: <a
href="https://www.erlang-solutions.com/blog/erlang-and-elixir-distribution-without-epmd.html"
target="_blank">https://www.erlang-solutions.com/blog/erlang-and-elixir-distribution-without-epmd.html</a></div>
<div><br>
</div>
<div>So I was thinking, seeing that there are already options
to:</div>
<div>1. Start a distributed node without epmd (<code>-start_epmd
false</code>)</div>
<div>2. Limit a node's port numbers to a specific range (via <code>inet_dist_listen_min</code> &amp; <code>inet_dist_listen_max</code>).</div>
<div><br>
</div>
<div>Wouldn't it be nice if we could also specify a predefined
port to spawn/4, to complete that picture? That is allow spawn
to look like:</div>
<div><code>spawn("Name@Host:Port", Mod, Func, ArgList).</code><br>
</div>
<div>Then when spawn sees that a port was provided, it can
completely skip the "epmd resolution" part and proceed with
connecting to the target node via the provided port. </div>
<div>Note: I realize that the "Name" becomes slightly redundant
when the Port is explicit. However, this can still be useful:
it would be good if the implementation would also verify that
the port belongs to the provided name at the receiving side,
so that a node will not accidentally process a message that
wasn't meant for it.</div>
<div><br>
</div>
<div>Again, I'm a complete newbie to Erlang in general, so I may
be missing something essential here :) But I would love to
know what that is, if that's the case, or hear your thoughts
in general otherwise :)</div>
</div>
<br>
</blockquote>
<p>Hi Amit,</p>
<p>There is also another option: run any communication between nodes
via <a
href="https://en.wikipedia.org/wiki/IP_tunnel">IP tunnels</a>.
There are some <a
href="https://www.virtualthoughts.co.uk/2019/07/15/application-security-with-mutual-tls-mtls-via-istio/">tools
to automate that</a>. They are mostly used between docker
containers or pods, but that is just a detail; they can equally well
support a microarchitecture built on Erlang nodes.</p>
<p>Regards<br>
Greg<br>
</p>
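<p>For reference, the "skip epmd and use a known port" idea raised in the
original question is already reachable with the stock <code>-epmd_module</code>
switch, which replaces the EPMD client with a module of your own. The module
below is an added example written for this page; it is not code from the thread,
from the linked blog post or from OTP. The module name
<code>fixed_port_epmd</code> and the port <code>4370</code> are assumptions
chosen for the example. It answers every <code>port_please</code> lookup with the
same fixed port, so no epmd process is ever started or contacted, and all
nodes must be started with that port pinned via
<code>inet_dist_listen_min</code>/<code>inet_dist_listen_max</code>.</p>

```erlang
%% fixed_port_epmd.erl
%% Added example (not from the thread, the linked blog post, or OTP):
%% a replacement EPMD client selected with `-epmd_module fixed_port_epmd`.
%% Every node in the cluster is assumed to listen on ?DIST_PORT, so node
%% name resolution needs no epmd daemon at all.
-module(fixed_port_epmd).

-export([start_link/0,
         register_node/2, register_node/3,
         port_please/2, port_please/3,
         listen_port_please/2,
         address_please/3,
         names/1]).

%% Assumption: the single distribution port shared by all nodes. It must
%% match -kernel inet_dist_listen_min/inet_dist_listen_max on every node.
-define(DIST_PORT, 4370).
%% Distribution protocol version reported to the connecting side, as
%% epmd would report it for a modern node.
-define(DIST_VERSION, 5).

%% No client process is needed: there is no daemon to keep a socket to.
start_link() ->
    ignore.

%% Registering a name with epmd is what normally yields the node's
%% "creation" value. With no epmd we hand back a small creation ourselves,
%% which is all the caller (net_kernel) requires.
register_node(Name, Port) ->
    register_node(Name, Port, inet).

register_node(_Name, _Port, _Driver) ->
    {ok, rand:uniform(3)}.

%% The lookup the question wanted to bypass. Whatever node name is asked
%% for, answer with the agreed port; no epmd round trip takes place.
%% Note that this does NOT verify that the name belongs to the port; the
%% remote node is only authenticated later by the distribution cookie
%% challenge (or by TLS client certificates when -proto_dist inet_tls is
%% used).
port_please(Name, Host) ->
    port_please(Name, Host, infinity).

port_please(_Name, _Host, _Timeout) ->
    {port, ?DIST_PORT, ?DIST_VERSION}.

%% Newer OTP releases ask the epmd module which port to listen on; older
%% ones ignore this callback and use the inet_dist_listen_min/max range,
%% which is why the start command below sets both to ?DIST_PORT.
listen_port_please(_Name, _Host) ->
    {ok, ?DIST_PORT}.

%% Host name to IP address resolution is unchanged: plain DNS / hosts file.
address_please(_Name, Host, AddressFamily) ->
    inet:getaddr(Host, AddressFamily).

%% `names/1` backs `erl_epmd:names/0` and `epmd -names`; with no daemon
%% there is nothing to list, so report the same error a missing epmd would.
names(_Host) ->
    {error, address}.
```

<p>Compile it onto the code path and start each node with epmd disabled, the
module selected, and the listen range pinned to the same port (the node names
<code>a</code> and <code>b</code> are placeholders):</p>

<p><code>erl -sname a -start_epmd false -epmd_module fixed_port_epmd -kernel
inet_dist_listen_min 4370 inet_dist_listen_max 4370</code></p>

<p>From that node, <code>net_adm:ping('b@otherhost').</code> connects straight to
port 4370 on <code>otherhost</code>. Two caveats a reviewer would want stated:
the module only removes the lookup step, so the distribution port is still
reachable by anyone who can route to it and the cookie challenge (or
<code>inet_tls</code> with certificate checks, or the IP tunnel / mTLS approach
suggested above) remains the actual access control; and because every node
shares one port, only one node per host can run with this module.</p>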
</body>
</html>