Connecting cluster with different cookies

Raimo Niskanen raimo+erlang-questions@REDACTED
Tue Aug 10 10:57:00 CEST 2021 

Would it be sufficient to be able to set the default cookie
for a node with e.g a new API function erlang:set_cookie(Cookie)?

/ Raimo Niskanen


On Mon, Aug 09, 2021 at 01:29:15PM -0400, Mark Sheldon wrote:
> I don’t represent a large application, but perhaps this is a common use case — or perhaps someone can give me a better way to do this.
> 
> I use erlang:set_cookie/2 in escripts I have my students (and potentially teaching assistants) use to communicate with Erlang services I provide.  For example, I have a script for submitting late work that captures dates on students files and sends the student’s submission and metadata to an Erlang server.
> 
> These programs are run by students whose accounts I cannot control.  They are not in any privileged Unix group, and they will not have a cookie file in their home directories.  So, the scripts explicitly set the cookie so that they can communicate with my server(s).
> 
> An analogous situation could arise if I want to have a web page interact with a service.  The department uses Apache and supports CGI scripts.  I can write an escripts in the same way as above. 
> 
> I don’t run that many services, but it seems reasonable to have services available to staff that are different from students and to use different cookies for the two groups of nodes.
> 
> I understand that it’s not great security.  But the scripts can only be run people with department accounts, and the network is behind a firewall.
> 
> If I have missed a better solution, I’d be interested to hear about it.  I mostly hacked the late submission system together one afternoon as a more fun approach to a common problem, and I’ve been using it ever since.  
> 
> -Mark
> 
> 
> Mark A. Sheldon
> Associate Teaching Professor
> Department of Computer Science
> Tufts University
> 
> 
> > On 9Aug, 2021, at 12:40, James Aimonetti <james@REDACTED> wrote:
> > 
> > 
> > Raimo Niskanen writes:
> > 
> >> The question is now, is this an essential feature / how
> >> important is this feature?
> >> 
> > 
> > In the KAZOO project, we support setting different cookies for
> > connecting to our C-node code in the FreeSWITCH project. This has been
> > in place for over 8 years.
> > 
> > While I do not think anyone really uses this feature, I also know that
> > with our recent preliminary release of KAZOO 5.0, we've found folks
> > using corners of the software that we did not anticipate.
> > 
> > I would not call this an essential feature for our project, personally,
> > but I am also not relishing finding that one cluster which relies on
> > unique cookies for some reason.
> > 
> > I've put out a question to our OPS team and our open source forum. If
> > any users require it as part of their operations, I'll forward that
> > along.
> > 
> > --
> > James Aimonetti
> > 
> > Lead Systems Architect
> > 2600Hz | http://2600hz.com | UCaaS CPaaS CCaaS
> > tel:415.886.7905
> > irc:mc_ @ libera.chat #2600hz
> 

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

More information about the erlang-questions mailing list