security and OTP based apps.


Niall Dalton-2
Hello,

I'm thinking of using Erlang (and OTP libs) to build a
highly-concurrent distributed application. I'd like to have
supervisors starting processes on remote nodes, hot-code
swapping and so on. All this seems much easier and more practical
in Erlang than other languages.

My only real question before starting on a prototype is on security.
The application would be accessible from the Internet. I have read a
bit about setting the cookies, but also that "the user must be allowed
to rsh to the remote hosts without being prompted for a password" (using
whatever mechanisms rsh uses for this).
 
Not being a security guy, I'm not sure what the risks in practice
are for this kind of thing. Are there any documents on securing Erlang
based applications that are exposed to the Internet? I'd be grateful
for any pointers on useful related information.

Best regards,
niall






Ulf Wiger-4
On 6 May 2003, Niall Dalton wrote:

>Hello,
>
>I'm thinking of using Erlang (and OTP libs) to build a
>highly-concurrent distributed application. I'd like to have
>supervisors starting processes on remote nodes, hot-code
>swapping and so on. All this seems much easier and more
>practical in Erlang than other languages.

True.

>My only real question before starting on a prototype is on
>security. The application would be accessible from the
>Internet. I have read a bit about setting the cookies, but
>also that "the user must be allowed to rsh to the remote
>hosts without being prompted for a password" (using
>whatever mechanisms rsh uses for this).

Bengt has answered this. I propose that you make sure that
the shell given to the user is restricted. I would also
avoid giving the users access to the erlang shell.
Unfortunately, we still do not have an erlang shell with
access control.

Regarding distributed erlang, there are a couple of things
you can do to increase security:

- Use cookies that are hard to guess
- You may use net_kernel:allow/1 to restrict which nodes are
  allowed to connect to your system using distributed erlang
- By starting erlang with the boot flag
  'erl -kernel dist_auto_connect never', you can further
  restrict applications from connecting from your node
  to others (one can still do it explicitly, using
  net_kernel:connect_node/1)
- Do not use distributed erlang for your user interface.
  Rather, use some socket RPC, CORBA, UBF, or similar.
  This allows you to restrict what functions can be
  called from the outside (e.g. not allowing things like
  os:cmd("rm -rf /") or erlang:halt().)

/Uffe
--
Ulf Wiger, Senior Specialist,
   / / /   Architecture & Design of Carrier-Class Software
  / / /    Strategic Product & System Management
 / / /     Ericsson AB, Connectivity and Control Nodes
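
The last point in the list above (a narrow socket RPC in front of the system instead of distributed Erlang) can be implemented as an allowlist dispatcher. This is an added example, not code from the thread or from OTP; the module name safe_rpc, the {call, M, F, Args} wire format and the allowlist contents are assumptions.

```erlang
-module(safe_rpc).
-export([handle_request/1, demo/0]).

%% Constructed allowlist (assumption): the only {Module, Function, Arity}
%% triples an outside client may call. Everything else is refused.
allowed() ->
    [{lists, reverse, 1}, {erlang, length, 1}].

%% Decode one request read from a client socket and dispatch it.
%% Wire format (assumption): term_to_binary({call, M, F, Args}).
handle_request(Bin) when is_binary(Bin) ->
    %% [safe] refuses to create new atoms or external funs from client
    %% data, so a client cannot fill the atom table of the node.
    try binary_to_term(Bin, [safe]) of
        %% length/1 in a guard fails quietly on an improper list, so
        %% malformed argument lists fall through to bad_request.
        {call, M, F, Args} when is_atom(M), is_atom(F),
                                is_list(Args), length(Args) >= 0 ->
            dispatch(M, F, Args);
        _Other ->
            {error, bad_request}
    catch
        error:badarg -> {error, bad_encoding}
    end.

%% Only allowlisted calls reach apply/3. A crash inside the call is
%% reported as a generic error so internals are not sent to the client.
dispatch(M, F, Args) ->
    MFA = {M, F, length(Args)},
    case lists:member(MFA, allowed()) of
        true ->
            try {ok, apply(M, F, Args)}
            catch _:_ -> {error, call_failed}
            end;
        false ->
            {error, {not_allowed, MFA}}
    end.

%% Constructed sample requests: one permitted call, the two kinds of call
%% the message says must not be reachable, and bytes that are not a term.
demo() ->
    [handle_request(term_to_binary({call, lists, reverse, [[1, 2, 3]]})),
     handle_request(term_to_binary({call, os, cmd, ["echo constructed"]})),
     handle_request(term_to_binary({call, erlang, halt, []})),
     handle_request(<<"not a term">>)].
```

The listener that feeds handle_request/1 would be an ordinary gen_tcp socket, so the node's distribution port and cookie are never exposed to Internet clients.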