Connecting cluster with different cookies
Tue Aug 10 10:57:00 CEST 2021
Would it be sufficient to be able to set the default cookie
for a node with e.g a new API function erlang:set_cookie(Cookie)?
/ Raimo Niskanen
On Mon, Aug 09, 2021 at 01:29:15PM -0400, Mark Sheldon wrote:
> I don’t represent a large application, but perhaps this is a common use case — or perhaps someone can give me a better way to do this.
> I use erlang:set_cookie/2 in escripts I have my students (and potentially teaching assistants) use to communicate with Erlang services I provide. For example, I have a script for submitting late work that captures dates on students files and sends the student’s submission and metadata to an Erlang server.
> These programs are run by students whose accounts I cannot control. They are not in any privileged Unix group, and they will not have a cookie file in their home directories. So, the scripts explicitly set the cookie so that they can communicate with my server(s).
> An analogous situation could arise if I want to have a web page interact with a service. The department uses Apache and supports CGI scripts. I can write an escripts in the same way as above.
> I don’t run that many services, but it seems reasonable to have services available to staff that are different from students and to use different cookies for the two groups of nodes.
> I understand that it’s not great security. But the scripts can only be run people with department accounts, and the network is behind a firewall.
> If I have missed a better solution, I’d be interested to hear about it. I mostly hacked the late submission system together one afternoon as a more fun approach to a common problem, and I’ve been using it ever since.
> Mark A. Sheldon
> Associate Teaching Professor
> Department of Computer Science
> Tufts University
> > On 9Aug, 2021, at 12:40, James Aimonetti <james@REDACTED> wrote:
> > Raimo Niskanen writes:
> >> The question is now, is this an essential feature / how
> >> important is this feature?
> > In the KAZOO project, we support setting different cookies for
> > connecting to our C-node code in the FreeSWITCH project. This has been
> > in place for over 8 years.
> > While I do not think anyone really uses this feature, I also know that
> > with our recent preliminary release of KAZOO 5.0, we've found folks
> > using corners of the software that we did not anticipate.
> > I would not call this an essential feature for our project, personally,
> > but I am also not relishing finding that one cluster which relies on
> > unique cookies for some reason.
> > I've put out a question to our OPS team and our open source forum. If
> > any users require it as part of their operations, I'll forward that
> > along.
> > --
> > James Aimonetti
> > Lead Systems Architect
> > 2600Hz | http://2600hz.com | UCaaS CPaaS CCaaS
> > tel:415.886.7905
> > irc:mc_ @ libera.chat #2600hz
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
More information about the erlang-questions