diff options
| author | Lukas Larsson <[email protected]> | 2017-05-23 14:54:42 +0200 |
|---|---|---|
| committer | Lukas Larsson <[email protected]> | 2017-05-23 14:54:42 +0200 |
| commit | 24481c66a615c62b22d664e141b581b979af0eaf (patch) | |
| tree | 157af55a91a43bd0fe3453d6b0073be8e4c0c217 /system | |
| parent | 70f78dcf8e65eb0da6b843d49d0cd3115c76f1c0 (diff) | |
| parent | 30f4fc6963e5793368713897f32afd2172dc1578 (diff) | |
| download | otp-24481c66a615c62b22d664e141b581b979af0eaf.tar.gz otp-24481c66a615c62b22d664e141b581b979af0eaf.tar.bz2 otp-24481c66a615c62b22d664e141b581b979af0eaf.zip | |
Merge branch 'lukas/doc/extend-secure-distr-warn/OTP-14425'
* lukas/doc/extend-secure-distr-warn/OTP-14425:
otp: Extend secure distribution docs warnings
Diffstat (limited to 'system')
| -rw-r--r-- | system/doc/getting_started/conc_prog.xml | 4 | ||||
| -rw-r--r-- | system/doc/reference_manual/distributed.xml | 13 |
2 files changed, 15 insertions, 2 deletions
diff --git a/system/doc/getting_started/conc_prog.xml b/system/doc/getting_started/conc_prog.xml index f3136898ad..4b19095d95 100644 --- a/system/doc/getting_started/conc_prog.xml +++ b/system/doc/getting_started/conc_prog.xml @@ -355,8 +355,8 @@ pong ! {ping, self()},</code> <p>Let us rewrite the ping pong program with "ping" and "pong" on different computers. First a few things are needed to set up to get this to work. The distributed Erlang - implementation provides a basic security mechanism to prevent - unauthorized access to an Erlang system on another computer. + implementation provides a very basic authentication mechanism to prevent + unintentional access to an Erlang system on another computer. Erlang systems which talk to each other must have the same <em>magic cookie</em>. The easiest way to achieve this is by having a file called <c>.erlang.cookie</c> in your home diff --git a/system/doc/reference_manual/distributed.xml b/system/doc/reference_manual/distributed.xml index 0a4a323fe9..01d78436c5 100644 --- a/system/doc/reference_manual/distributed.xml +++ b/system/doc/reference_manual/distributed.xml @@ -42,6 +42,19 @@ <p>The distribution mechanism is implemented using TCP/IP sockets. How to implement an alternative carrier is described in the <seealso marker="erts:alt_dist">ERTS User's Guide</seealso>.</p> + <warning> + <p> + Starting a distributed node without also specifying + <seealso marker="erts:erl#proto_dist"><c>-proto_dist inet_tls</c></seealso> + will expose the node to attacks that may give the attacker + complete access to the node and in extension the cluster. + When using un-secure distributed nodes, make sure that the + network is configured to keep potential attackers out. + See the <seealso marker="ssl:ssl_distribution"> + Using SSL for Erlang Distribution</seealso> User's Guide + for details on how to setup a secure distributed node. + </p> + </warning> </section> <section> |