[erlang-questions] How to exchange sensitive data with ports?
Sat Aug 8 13:09:58 CEST 2009
On Sat, Aug 8, 2009 at 12:22 AM, Elena Garrulo<egarrulo@REDACTED> wrote:
> I'd like to access smart cards from Erlang. Since there is not
> dedicated module, I'll have to use C for that.
> In this thread:
> it is recommended that you use ports (that is: external processes) to
> exchange data with native libraries.
> However, the whole purpose of using smart cards is accessing sensitive
> information stored into the card itself. To my limited knowledge,
> opening a port (pipe) with an external process would allow sniffing.
> Is that true? If not, what tools should I use (preferably working
> both on Linux and Windows)?
Sheesh what a thread.
You can use a linked-in driver. Write the driver in C and load it as a
.so or .dll into the erlang node that needs to access the smart card
libs. The data doesn't leave the process space - but it must get there
Of course root can watch usually any data in any process (SELinux
might prevent that).
More information about the erlang-questions