security and OTP based apps.

Ulf Wiger etxuwig@REDACTED
Tue May 6 13:28:23 CEST 2003


On 6 May 2003, Niall Dalton wrote:

>Hello,
>
>I'm thinking of using Erlang (and OTP libs) to build a
>highly-concurrent distributed application. I'd like to have
>supervisors starting processes on remote nodes, hot-code
>swapping and so on. All this seems much easier and more
>practical in Erlang than other languages.

True.

>My only real question before starting on a prototype is on
>security. The application would be accessible from the
>Internet. I have read a bit about setting the cookies, but
>also that "the user must be allowed to rsh to the remote
>hosts without being prompted for a password" (using
>whatever mechanisms rsh uses for this).

Bengt has answered this. I propose that you make sure that
the shell given to the user is restricted. I would also
avoid giving the users access to the Erlang shell.
Unfortunately, we still do not have an Erlang shell with
access control.

Regarding distributed Erlang, there are a couple of things
you can do to increase security:

- Use cookies that are hard to guess
- You may use net_kernel:allow/1 to restrict which nodes are
  allowed to connect to your system using distributed Erlang
- By starting Erlang with the boot flag
  'erl -kernel dist_auto_connect never', you can further
  restrict applications from connecting from your node
  to others (one can still do it explicitly, using
  net_kernel:connect_node/1)
- Do not use distributed Erlang for your user interface.
  Rather, use some socket RPC, CORBA, UBF, or similar.
  This allows you to restrict what functions can be
  called from the outside (e.g. not allowing things like
  os:cmd("rm -rf /") or erlang:halt().)

/Uffe
-- 
Ulf Wiger, Senior Specialist,
   / / /   Architecture & Design of Carrier-Class Software
  / / /    Strategic Product & System Management
 / / /     Ericsson AB, Connectivity and Control Nodes
