[erlang-questions] Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!
Tobias Schlager
Tobias.Schlager@REDACTED
Wed Sep 21 09:20:54 CEST 2016
- Previous message (by thread): [erlang-questions] Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!
- Next message (by thread): [erlang-questions] Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Hi Trent,
AFAIK it is possible to use different cookies for different nodes, the distribution protocol allows it. Furthermore it is possible to set different cookies on a node for remote nodes manually, see [1]. However, most probably this is not a good idea and I have to admit that I've never used this 'feature' (in production).
Regards
Tobias
[1] http://erlang.org/doc/man/erlang.html#set_cookie-2
________________________________________
Von: erlang-questions-bounces@REDACTED [erlang-questions-bounces@REDACTED]" im Auftrag von "Trent Hampton [trenthampton@REDACTED]
Gesendet: Dienstag, 20. September 2016 20:47
An: erlang-questions@REDACTED
Betreff: [erlang-questions] Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!
Greetings Erlang Wizards!
I have a client server erlang application where each server is connected to every other and is running an instance of an mnesia database across point to point VPN tunnels.
I would like to be able to use erlang rpc on the clients to make function calls on the servers without exposing raw access to the mnesia database. That is, I do not want to expose, to the clients, the cookie that I use to connect mnesia nodes together.
Is it possible to have the servers and mnesia communicate using one cookie but have the clients connect to the servers using another cookie so that the clients cannot gain access to the raw database and so that there are no transitive connections?
According to http://erlang.org/doc/reference_manual/distributed.html section 13.3-5; it is possible to turn off transitive connections with the -connect_all false flag or by making a node hidden. Is it possible to use the hidden node and also use a different cookie for the client to server connection than the cookie used between the servers?
Thank you!
Trent
_______________________________________________
erlang-questions mailing list
erlang-questions@REDACTED
http://erlang.org/mailman/listinfo/erlang-questions
- Previous message (by thread): [erlang-questions] Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!
- Next message (by thread): [erlang-questions] Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the erlang-questions
mailing list