[erlang-questions] Shortnames
Lev Walkin
vlm@REDACTED
Mon Feb 2 15:32:07 CET 2009
Short names are not any more secure than long names. They're just
shorter and thus a bit more easily transferable between different
installations, such as development/testing/staging/production.
Zvi wrote:
> Hi,
>
> Is using shortnames in distributed Erlang more secure than longnames? I.e.
> even if an intruder guessed the cookie, he/she still will not be able to
> connect from a different subnet.
Users will be able to connect from a different subnet even in a short-names
configuration. To disable the ability to accept connections from non-local
networks one should use the "-kernel check_ip true" option to `erl` during
VM start.
> Also, I heard that some high profile projects do not use distribution at
> all, replacing it with a custom RPC mechanism like [1]. Are there any
> reasons besides security for this?
Besides security, I heard of another reason: not being sure about the
performance, scalability and reliability properties of standard
internode communication. In my view, using AMQP should be a more natural
next step than rolling out custom RPC in such a case (if security is not
the primary concern of going away from native RPC).
> Thanks in Advance,
> Zvi
>
> [1]
> %%It is very easy to roll your own RPC:
> call(Sock, M,F,A) ->
>     %% term_to_binary/1 takes a single term, so the call is packed in a tuple
>     gen_tcp:send(Sock, erlang:term_to_binary({M,F,A})).
>
> %% TODO
>
> %%Then at the other end:
> loop(Sock, Allowed_funcs) ->
>     receive
>         {tcp, Sock, Data} ->
>             case erlang:binary_to_term(Data) of
>                 {M, F, A} when is_list(A) ->
>                     %% only {Module, Function, Arity} triples on the list are applied
>                     case lists:member({M,F,length(A)}, Allowed_funcs) of
>                         true ->
>                             apply(M,F,A);
>                         false ->
>                             ignore
>                     end;
>                 _ -> ignore
>             end
>     end,
>     loop(Sock, Allowed_funcs).
>
I assume this is just a proof of concept [pseudo]code. This exact loop
won't work reliably in practice due to TCP segmentation semantics.
--
Lev Walkin
vlm@REDACTED
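
The following is an added example, not part of the original message or of any project mentioned in it: one way to make the quoted allowlist RPC loop robust against TCP segmentation, using gen_tcp's `{packet, 4}` length-prefix framing and `binary_to_term/2` with `[safe]`. The module name `framed_rpc`, the 4-byte prefix, the loopback demo and the allowlist contents are assumptions chosen for illustration.

```erlang
%% Added example; module name, framing choice and allowlist are assumptions.
-module(framed_rpc).
-export([demo/0]).

-define(OPTS, [binary, {packet, 4}, {active, false}]).

%% {packet, 4}: gen_tcp prefixes each send with a 4-byte length and delivers
%% only whole messages, so one recv is exactly one term_to_binary/1 blob.
call(Sock, M, F, A) ->
    ok = gen_tcp:send(Sock, term_to_binary({M, F, A})),
    {ok, Reply} = gen_tcp:recv(Sock, 0, 5000),
    binary_to_term(Reply, [safe]).

loop(Sock, Allowed) ->
    case gen_tcp:recv(Sock, 0) of
        {ok, Data} ->
            ok = gen_tcp:send(Sock, term_to_binary(handle(Data, Allowed))),
            loop(Sock, Allowed);
        {error, _} ->
            gen_tcp:close(Sock)
    end.

%% [safe] refuses external terms that would create new atoms or funs;
%% anything malformed or outside the allowlist is rejected, never applied.
handle(Data, Allowed) ->
    try binary_to_term(Data, [safe]) of
        {M, F, A} when is_atom(M), is_atom(F), is_list(A) ->
            case lists:member({M, F, length(A)}, Allowed) of
                true  -> {ok, apply(M, F, A)};
                false -> {error, not_allowed}
            end;
        _ -> {error, bad_request}
    catch
        error:badarg -> {error, bad_request}
    end.

%% Constructed loopback run: one allowlisted call, one call that is not listed.
demo() ->
    Allowed = [{lists, reverse, 1}],
    {ok, L} = gen_tcp:listen(0, [{ip, {127,0,0,1}} | ?OPTS]),
    {ok, Port} = inet:port(L),
    spawn(fun() -> {ok, S} = gen_tcp:accept(L), loop(S, Allowed) end),
    {ok, C} = gen_tcp:connect({127,0,0,1}, Port, ?OPTS),
    R1 = call(C, lists, reverse, [[1,2,3]]),
    R2 = call(C, erlang, halt, []),
    gen_tcp:close(C),
    {R1, R2}.
```

The framing and the allowlist only address message boundaries and which functions may run; the link is still unauthenticated and unencrypted unless it is wrapped in something like the `ssl` application.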