分布式erlang安全怎么办？ [英] Distributed erlang security how to?

问题描述

我想要有两个可以相互通信的独立的erlang节点：

I want to have 2 independent erlang nodes that could communicate with each other:

so node a @ myhost 将能够发送消息到 b @ myhost 。

so node a@myhost will be able to send messages to b@myhost.

有没有办法限制节点 a @ myhost ，所以只有一个来自 secure_module 的功能可以被调用在 b @ myhost ？

Are there any ways to restrict node a@myhost, so only a function from a secure_module could be called on b@myhost?

它应该是这样的： p>

It should be something like:

a@myhost> rpc:call(b@myhost,secure_module,do,[A,B,C]) returns  {ok,Result}

和所有其他电话

a@myhost> rpc:call(b@myhost,Modue,Func,Args)  return {error, Reason}

选项将是使用 ZeroMQ 库来建立节点之间的通信，但是如果可以使用一些标准的Erlang函数/模块完成更好？

One of the options would be to use ZeroMQ library to establish a communication between nodes, but would it be better if it could be done using some standard Erlang functions/modules?

推荐答案

在这种情况下，分布式Erlang不是你想要的。将节点A连接到节点B构成一个集群 - 一个巨大的，可信赖的计算环境。你不想信任这个的一部分，所以你不想要一个集群。

In this case distributed Erlang is not what you want. Connecting node A to node B makes a single cluster -- one huge, trusted computing environment. You don't want to trust part of this, so you don't want a single cluster.

而是写一个特定的网络服务。使用网络本身作为您的抽象层。最直接的方法是建立流连接（只是无聊的旧的 gen_tcp 或 gen_sctp 或使用ssl ，或任何）从A到B。

Instead write a specific network service. Use the network itself as your abstraction layer. The most straightforward way to do this is to establish a stream connection (just boring old gen_tcp, or gen_sctp or use ssl, or whatever) from A to B.

A上的套接字处理进程从节点A的任何部分接收消息，需要调用B - 你写这个正如你直接连接的那样。使用正常的Erlang消息传递风格： Message = {name_of_request，Data} 或类似。在A上的连接过程只需要 gen_tcp：send（Socket，term_to_binary（Message））。

The socket handling process on A receives messages from whatever parts of node A need to call B -- you write this exactly as you would if they were directly connected. Use a normal Erlang messaging style: Message = {name_of_request, Data} or similar. The connecting process on A simply does gen_tcp:send(Socket, term_to_binary(Message)).

套接字处理通过简单地接收 {tcp，Socket，Bin} - >，在B梭上的进程在套接字和您的服务进程之间接收到网络消息。服务员！ binary_to_term（Bin）。

The socket handling process on B shuttles received network messages between the socket and your servicing processes by simply receiving {tcp, Socket, Bin} -> Servicer ! binary_to_term(Bin).

计算结果通过完全相同的过程使用 term_to_binary / binary_to_term 再次翻译。

Results of computation go back the other direction through the exact same process using the term_to_binary/binary_to_term translation again.

您的服务流程应该正确接收消息，而忽略任何没有意义的东西（通常只是记录废话）。所以以这种方式你没有直接的RPC（这在不受信任的环境中是不安全的），你只是响应你的（小小的）消息传递协议中定义的有效语义。编写套接字处理过程的方法是可以为您提供这些信息，并使其感觉就像处理分布式Erlang中的受信任环境一样，但实际上您有两个独立的集群，这些集群在每个可以请求的情况下都受到限制另外根据您的协议的定义。

Your service processes should be receiving well defined messages, and disregarding whatever doesn't make sense (usually just logging the nonsense). So in this way you are not doing a direct RPC (which is unsafe in an untrusted environment) you are only responding to valid semantics defined in your (little tiny) messaging protocol. The way the socket handling processes are written is what can abstract this for you and make it feel just as though you are dealing with a trusted environment within distributed Erlang, but actually you have two independent clusters which are limited in what they can request of each other by the definition of your protocol.

这篇关于分布式erlang安全怎么办？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！