[erlang-questions] Supporting a port number in spawn/4
Tue Oct 22 09:54:13 CEST 2019
On 21/10/2019 21:25, Amit K wrote:
> Hi all,
> I am very new to Erlang, am considering using it in a project and I
> have some security concerns.
> I can see it's quite easy to configure TLS for the node-to-node
> communication, but making the name-to-port resolution service (epmd)
> secure seems a bit too complex to me, such as the one suggested here:
> So I was thinking, seeing that there are already options to:
> 1. Start a distributed node without epmd (-start_epmd false)
> 2. Limit a node's port numbers to a specific range (via
> inet_dist_listen_min & inet_dist_listen_max).
> Wouldn't it be nice if we could also specify a predefined port to
> spawn/4, to complete that picture? That is allow spawn to look like:
> spawn("Name@REDACTED:Port", Mod, Func, ArgList).
> Then when spawn sees that a port was provided, it can completely skip
> the "epmd resolution" part and proceed with connecting to the target
> node via the provided port.
> Note: I realize that the "Name" becomes slightly redundant when the
> Port is explicit. However this can still be useful - it would be good
> if the implementation would also verify that the port belongs to the
> provided name at the receiving side, so that a node will not
> accidentally process a message that wasn't meant for it.
> Again, I'm a complete newbie to Erlang in general, so I may be missing
> something essential here :) But I would love to know what that is, if
> that's the case, or hear your thoughts in general otherwise :)
There is also another option, run any communication between nodes via IP
tunnels <https://en.wikipedia.org/wiki/IP_tunnel>. There are some tools
to automate that
They are mostly used between docker containers or pods but it's just a
detail, equally well they can support a microarchitecture built on
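
For the setup the question describes (no epmd, one known distribution port), an added example that is not part of the thread: a callback module, here given the assumed name `static_epmd` and selected with `erl`'s `-epmd_module` flag, answers every port lookup with a fixed port so that `spawn/4` connects without contacting epmd. The port 9100 and the one-node-per-host layout are assumptions.

```erlang
%% Added example, not code from the thread or from OTP.
%% Assumptions: module name static_epmd, port 9100, one node per host.
%%
%% Start every node with (the flags are the ones the thread names, plus
%% -epmd_module to select this module):
%%   erl -name a@host1.example -pa ebin \
%%       -start_epmd false -epmd_module static_epmd \
%%       -kernel inet_dist_listen_min 9100 inet_dist_listen_max 9100
-module(static_epmd).

-export([start_link/0,
         register_node/2, register_node/3,
         port_please/2, port_please/3,
         address_please/3,
         names/1]).

-define(DIST_PORT, 9100).     % must equal inet_dist_listen_min/max
-define(DIST_VERSION, 5).     % distribution protocol version reported to callers

%% The kernel supervisor starts the epmd module as a child process.
%% Nothing has to run here, so tell the supervisor to skip it.
start_link() ->
    ignore.

%% Called when the local node opens its listen socket. Accept only the
%% pinned port, so a misconfigured range fails at boot instead of
%% leaving the node listening somewhere its peers will never look.
register_node(Name, Port) ->
    register_node(Name, Port, inet).

register_node(_Name, ?DIST_PORT, _Family) ->
    {ok, rand:uniform(3)};    % creation number, normally handed out by epmd
register_node(_Name, Port, _Family) ->
    {error, {unexpected_dist_port, Port}}.

%% Called when connecting to a remote node: no query to port 4369,
%% the answer is always the fixed port.
port_please(Name, Host) ->
    port_please(Name, Host, infinity).

port_please(_Name, _Host, _Timeout) ->
    {port, ?DIST_PORT, ?DIST_VERSION}.

%% Host name resolution stays ordinary DNS / hosts-file lookup.
address_please(_Name, Host, Family) ->
    inet:getaddr(Host, Family).

%% There is no registry to list, so name enumeration is refused.
names(_Host) ->
    {error, address}.
```

With this in place only the single distribution port has to be allowed between hosts, and port 4369 can stay closed.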