Hi Amit K, welcome!

I may be speaking out of turn, but I *think* the erlang-questions mailing list is the more appropriate place. This mailing list is about Erlang Enhancement Proposals, and writing one requires a more complete overview and understanding of a change and its impact on the language, runtime and ecosystem. You can learn more about them here: https://www.erlang.org/erlang-enhancement-proposals/home

Furthermore, erlang-questions has more users, so it is the best place if you want to get feedback on ideas. Then, based on this feedback and if a complex change is necessary, you could submit an EEP.

I hope this clarifies a bit!

*José Valim*
www.plataformatec.com.br
Founder and Director of R&D

On Mon, Oct 21, 2019 at 8:00 PM Amit K <[email protected]> wrote:

> Hi all,
>
> (originally posted this to erlang-questions, I realize now that this is
> the more fitting list for that).
>
> I am very new to Erlang, am considering using it in a project and I have
> some security concerns.
> I can see it's quite easy to configure TLS for the node-to-node
> communication, but making the name-to-port resolution service (epmd) secure
> seems a bit too complex to me, such as the one suggested here:
> https://www.erlang-solutions.com/blog/erlang-and-elixir-distribution-without-epmd.html
>
> So I was thinking, seeing that there are already options to:
> 1. Start a distributed node without epmd (-start_epmd false)
> 2. Limit a node's port numbers to a specific range (via inet_dist_listen_min
> & inet_dist_listen_max).
>
> Wouldn't it be nice if we could also specify a predefined port to spawn/4,
> to complete that picture? That is, allow spawn to look like:
> spawn("Name@Host:Port", Mod, Func, ArgList).
> Then when spawn sees that a port was provided, it can completely skip the
> "epmd resolution" part and proceed with connecting to the target node via
> the provided port.
> Note: I realize that the "Name" becomes slightly redundant when the Port
> is explicit. However this can still be useful - it would be good if the
> implementation will actually also verify that the port belongs to the
> provided name at the receiving side, so that a node will not accidentally
> process a message that wasn't meant for it.
>
> Again, I'm a complete newbie to Erlang in general, so I may be missing
> something essential here :) But I would love to know what that is, if
> that's the case, or hear your thoughts in general otherwise :)
>
> Thanks!
> _______________________________________________
> eeps mailing list
> [email protected]
> http://erlang.org/mailman/listinfo/eeps
>
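The quoted message names three existing settings: TLS for node-to-node traffic, `-start_epmd false`, and the `inet_dist_listen_min`/`inet_dist_listen_max` range. The following Python audit of a `vm.args` file for those three settings is an added example, not code from the thread or from Erlang/OTP; the sample file, the function names and the use of `-proto_dist inet_tls` as the TLS indicator are assumptions of this example.

```python
import shlex

# Constructed sample vm.args (not from the thread or any real deployment).
SAMPLE_VM_ARGS = """\
## constructed example
-name app@host.example
-start_epmd false
-proto_dist inet_tls
-kernel inet_dist_listen_min 9100 inet_dist_listen_max 9105
"""

def parse_vm_args(text):
    """Return {flag: [values, ...]}; repeated flags accumulate their values."""
    flags, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # vm.args comments start with '#'
        for tok in shlex.split(line):
            if tok[:1] in ("-", "+") and not tok[1:].isdigit():
                current = tok[1:]
                flags.setdefault(current, [])
            elif current is not None:
                flags[current].append(tok)
    return flags

def audit(text):
    """List the hardening gaps found; an empty list means all three checks pass."""
    flags = parse_vm_args(text)
    kernel = flags.get("kernel", [])
    # Assumes simple "-kernel Key Value" pairs, as in the sample above.
    env = dict(zip(kernel[0::2], kernel[1::2]))
    findings = []
    if flags.get("start_epmd") != ["false"]:
        findings.append("node starts epmd itself (-start_epmd false not set)")
    if flags.get("proto_dist") != ["inet_tls"]:
        findings.append("distribution is not TLS (-proto_dist inet_tls not set)")
    lo, hi = env.get("inet_dist_listen_min"), env.get("inet_dist_listen_max")
    if lo is None or hi is None:
        findings.append("distribution listen port range is not restricted")
    elif int(lo) != int(hi):
        findings.append(f"listen range {lo}-{hi} is not a single predefined port")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_VM_ARGS) or ["no findings"]:
        print(finding)
```

Passing these checks only pins and encrypts the listener; how peers learn the port without epmd is the part the linked blog post addresses.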
