Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!


Trent Hampton
Greetings Erlang Wizards!

I have a client-server Erlang application where each server is connected to every other and is running an instance of an mnesia database across point-to-point VPN tunnels.

I would like to be able to use Erlang rpc on the clients to make function calls on the servers without exposing raw access to the mnesia database. That is, I do not want to expose, to the clients, the cookie that I use to connect mnesia nodes together.

Is it possible to have the servers and mnesia communicate using one cookie but have the clients connect to the servers using another cookie, so that the clients cannot gain access to the raw database and so that there are no transitive connections?

According to http://erlang.org/doc/reference_manual/distributed.html sections 13.3-5, it is possible to turn off transitive connections with the -connect_all false flag or by making a node hidden. Is it possible to use a hidden node and also use a different cookie for the client-to-server connection than the cookie used between the servers?

Thank you!

Trent
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

Re: Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!

Tobias Schlager-2
Hi Trent,

AFAIK it is possible to use different cookies for different nodes, the distribution protocol allows it. Furthermore it is possible to set different cookies on a node for remote nodes manually, see [1]. However, most probably this is not a good idea and I have to admit that I've never used this 'feature' (in production).

Regards
Tobias

[1] http://erlang.org/doc/man/erlang.html#set_cookie-2


Re: Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!

Bengt Kleberg
FWIW: I use different cookies for different nodes in 'production'.

A management node handles different pools, where each pool has its own
cookie.

The manager is hidden. Theoretically we could have many (10-50) pools
with max 50 machines in each. In practice we only use 2-3 pools with
10-20 machines in each.


bengt


On 09/21/2016 09:20 AM, Tobias Schlager wrote:

> Hi Trent,
>
> AFAIK it is possible to use different cookies for different nodes, the distribution protocol allows it. Furthermore it is possible to set different cookies on a node for remote nodes manually, see [1]. However, most probably this is not a good idea and I have to admit that I've never used this 'feature' (in production).
>
> Regards
> Tobias
>
> [1] http://erlang.org/doc/man/erlang.html#set_cookie-2

Re: Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!

Sergej Jurečko
In reply to this post by Trent Hampton
You can set a cookie for nodes: http://erlang.org/doc/man/erlang.html#set_cookie-2
So if your server node first connects to other mnesia nodes with a mnesia cookie, you can then set this to change default cookie for all other nodes (clients). Theoretically I think it should work.

If I'm understanding your intention correctly, you are attempting to add some security to an underlying system which has no security. There is nothing stopping clients from calling mnesia:.. functions on your server and doing whatever they want. Unless clients are completely trusted, using Erlang RPC for their connection is a really bad idea.

regards,
Sergej
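Added example (not code from any post in this thread): an Erlang module showing the per-node cookie arrangement Tobias and Sergej describe, on a server node started hidden as the reference manual section Trent links suggests. The module name, function names, the placeholder cookie atoms and the assumed start line are all assumptions. erlang:set_cookie/2 with a remote node as the first argument gives that node its own cookie, and such explicit entries survive a later change of the local node's default cookie, which is what lets the mnesia peers keep the mnesia cookie while every other node gets the client cookie. Sergej's point still stands: this keeps the mnesia cookie out of the clients' hands, but a client that is connected over distribution can still call any module on the server through rpc.

```erlang
%% cookie_split.erl -- added example, not code from the thread.
%% Assumed start line for a server node (cookie names are placeholders):
%%   erl -sname server1 -hidden -setcookie client_cookie_placeholder
%% -hidden (or -connect_all false) keeps the server from gossiping its
%% mnesia peers to clients; the cookies decide who can complete a handshake.
%% Each server peer runs the same setup, so server<->server links pair the
%% mnesia cookie on both sides.
-module(cookie_split).
-export([setup/3, status/1, hidden_started/0, connect_all_disabled/0]).

%% Give each mnesia peer its own cookie, connect to the peers, then make the
%% client cookie the default for every node that has no explicit cookie.
%% Per-node cookies set with erlang:set_cookie/2 are kept when the local
%% node's (default) cookie is changed afterwards.
-spec setup(atom(), atom(), [node()]) -> [{node(), boolean() | ignored}].
setup(MnesiaCookie, ClientCookie, Peers)
  when is_atom(MnesiaCookie), is_atom(ClientCookie), is_list(Peers) ->
    true = is_alive(),  % erlang:set_cookie/2 needs a live distributed node
    lists:foreach(fun(Peer) ->
                          true = erlang:set_cookie(Peer, MnesiaCookie)
                  end, Peers),
    Results = [{Peer, net_kernel:connect_node(Peer)} || Peer <- Peers],
    true = erlang:set_cookie(node(), ClientCookie),
    Results.

%% Connection state for each peer; nodes(connected) includes hidden links.
-spec status([node()]) -> [{node(), connected | disconnected}].
status(Peers) ->
    Connected = nodes(connected),
    [{Peer, case lists:member(Peer, Connected) of
                true  -> connected;
                false -> disconnected
            end} || Peer <- Peers].

%% Both flags are read from the emulator command line via init:get_argument/1,
%% so a node can check at startup that it was launched the way it expects.
-spec hidden_started() -> boolean().
hidden_started() ->
    init:get_argument(hidden) =/= error.

-spec connect_all_disabled() -> boolean().
connect_all_disabled() ->
    case init:get_argument(connect_all) of
        {ok, [["false"] | _]} -> true;
        _ -> false
    end.
```

Usage on a started server node: `cookie_split:setup(mnesia_cookie_placeholder, client_cookie_placeholder, ['server2@host2', 'server3@host3'])`, then `cookie_split:status/1` on the same list to confirm the links came up. A client holding only the client cookie can connect to this server but cannot complete a handshake with the peers directly, and because the server is hidden it does not advertise them.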


Re: Erlang cookies, rpc, security, mnesia, hidden nodes, VPN tunnels and stuff!

Chandru-4
In reply to this post by Trent Hampton
Hi Trent,

On 20 September 2016 at 19:47, Trent Hampton <[hidden email]> wrote:
Greetings Erlang Wizards!

I have a client server erlang application where each server is connected to every other and is running an instance of an mnesia database across point to point VPN tunnels.

I would like to be able to use erlang rpc on the clients to make function calls on the servers without exposing raw access to the mnesia database. That is, I do not want to expose, to the clients, the cookie that I use to connect mnesia nodes together.

It mostly has the same API as the native rpc module, but on the server side you can specify access controls for each client. You can specify which client IPs are allowed to connect and, for each incoming IP address, what combination of {Module, Function} is allowed.

regards,
Chandru
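Added example (not Chandru's library, which his post does not name, and not code from this thread): a server-side allow-list of the shape he describes, keyed first by client IP and then by permitted {Module, Function}. The module name, function names and the sample ACL entries are constructed. As Sergej notes above, a check like this only means something when the clients are not on Erlang distribution at all: a connected node can issue rpc:call(Server, mnesia, ...) and bypass any wrapper on the server, so the IP passed in here would come from a transport the server owns (for example inet:peername/1 on an accepted TCP socket), never from a distributed Erlang connection.

```erlang
%% rpc_acl.erl -- added example; not the library Chandru refers to.
%% Policy: a client IP may call only the {Module, Function} pairs listed for
%% it. Anything else, including any mnesia:* call, is refused before apply/3.
-module(rpc_acl).
-export([authorize/4, dispatch/5, sample_acl/0, self_test/0]).

-type acl() :: #{inet:ip_address() => [{module(), atom()}]}.

%% Constructed sample ACL: two known client addresses with small allow-lists.
-spec sample_acl() -> acl().
sample_acl() ->
    #{{10, 0, 0, 5} => [{lists, reverse}, {erlang, node}],
      {10, 0, 0, 6} => [{lists, reverse}]}.

%% Unknown address -> deny; known address but unlisted function -> deny.
-spec authorize(inet:ip_address(), module(), atom(), acl()) ->
          allow | {deny, unknown_client | function_not_permitted}.
authorize(Ip, Mod, Fun, Acl) ->
    case maps:find(Ip, Acl) of
        error ->
            {deny, unknown_client};
        {ok, Allowed} ->
            case lists:member({Mod, Fun}, Allowed) of
                true  -> allow;
                false -> {deny, function_not_permitted}
            end
    end.

%% Apply only after the policy check; a denial is logged with the
%% requested MFA and the client address so refusals can be monitored.
-spec dispatch(inet:ip_address(), module(), atom(), [term()], acl()) ->
          {ok, term()} | {error, term()}.
dispatch(Ip, Mod, Fun, Args, Acl) when is_list(Args) ->
    case authorize(Ip, Mod, Fun, Acl) of
        allow ->
            try
                {ok, apply(Mod, Fun, Args)}
            catch
                Class:Reason -> {error, {Class, Reason}}
            end;
        {deny, Why} ->
            error_logger:warning_msg("rpc denied from ~p: ~p:~p/~p (~p)~n",
                                     [Ip, Mod, Fun, length(Args), Why]),
            {error, {denied, Why}}
    end.

%% Exercises the three outcomes against the sample ACL.
-spec self_test() -> ok.
self_test() ->
    Acl = sample_acl(),
    {ok, [3, 2, 1]} =
        dispatch({10, 0, 0, 5}, lists, reverse, [[1, 2, 3]], Acl),
    {error, {denied, function_not_permitted}} =
        dispatch({10, 0, 0, 6}, mnesia, dirty_read, [[some_table, some_key]], Acl),
    {error, {denied, unknown_client}} =
        dispatch({192, 168, 1, 9}, lists, reverse, [[1]], Acl),
    ok.
```

Run `rpc_acl:self_test()` in a shell to see the three outcomes; the mnesia call in the second case is refused before anything is applied, which is the property Trent is after and which plain rpc over a shared distribution link cannot give.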

