From 30f4fc6963e5793368713897f32afd2172dc1578 Mon Sep 17 00:00:00 2001 From: Lukas Larsson Date: Thu, 18 May 2017 16:11:11 +0200 Subject: otp: Extend secure distribution docs warnings Warnings have been added to the relevant documentation about not using un-secure distributed nodes in exposed environments. --- erts/doc/src/erl.xml | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'erts/doc/src/erl.xml') diff --git a/erts/doc/src/erl.xml b/erts/doc/src/erl.xml index e1aa5ce76e..8b152b83f5 100644 --- a/erts/doc/src/erl.xml +++ b/erts/doc/src/erl.xml @@ -379,6 +379,16 @@ is the fully qualified host name of the current host. For short names, use flag instead.

+ +

+ Starting a distributed node without also specifying + -proto_dist inet_tls + will expose the node to attacks that may give the attacker + complete access to the node and in extension the cluster. + When using un-secure distributed nodes, make sure that the + network is configured to keep potential attackers out. +

+ @@ -428,12 +438,17 @@ +

Specifies a protocol for Erlang distribution:

inet_tcp TCP over IPv4 (the default) inet_tls - Distribution over TLS/SSL + Distribution over TLS/SSL, See the + + Using SSL for Erlang Distribution User's Guide + for details on how to setup a secure distributed node. + inet6_tcp TCP over IPv6 @@ -497,6 +512,16 @@ exist between nodes running with flag and those running with flag , as node names must be unique in distributed Erlang systems.

+ +

+ Starting a distributed node without also specifying + -proto_dist inet_tls + will expose the node to attacks that may give the attacker + complete access to the node and in extension the cluster. + When using un-secure distributed nodes, make sure that the + network is configured to keep potential attackers out. +

+ -start_epmd true | false -- cgit v1.2.3