From 30f4fc6963e5793368713897f32afd2172dc1578 Mon Sep 17 00:00:00 2001
From: Lukas Larsson <lukas@erlang.org>
Date: Thu, 18 May 2017 16:11:11 +0200
Subject: otp: Extend secure distribution docs warnings

Warnings have been added to the relevant documentation
about not using un-secure distributed nodes in exposed
environments.
---
 system/doc/getting_started/conc_prog.xml    |  4 ++--
 system/doc/reference_manual/distributed.xml | 13 +++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)

(limited to 'system/doc')

diff --git a/system/doc/getting_started/conc_prog.xml b/system/doc/getting_started/conc_prog.xml
index f3136898ad..4b19095d95 100644
--- a/system/doc/getting_started/conc_prog.xml
+++ b/system/doc/getting_started/conc_prog.xml
@@ -355,8 +355,8 @@ pong ! {ping, self()},</code>
     <p>Let us rewrite the ping pong program with "ping" and "pong"
       on different computers. First a few things
       are needed to set up to get this to work. The distributed Erlang
-      implementation provides a basic security mechanism to prevent
-      unauthorized access to an Erlang system on another computer.
+      implementation provides a very basic authentication mechanism to prevent
+      unintentional access to an Erlang system on another computer.
       Erlang systems which talk to each other must have
       the same <em>magic cookie</em>. The easiest way to achieve this
       is by having a file called <c>.erlang.cookie</c> in your home
diff --git a/system/doc/reference_manual/distributed.xml b/system/doc/reference_manual/distributed.xml
index 0a4a323fe9..01d78436c5 100644
--- a/system/doc/reference_manual/distributed.xml
+++ b/system/doc/reference_manual/distributed.xml
@@ -42,6 +42,19 @@
     <p>The distribution mechanism is implemented using TCP/IP sockets.
       How to implement an alternative carrier is described in the
       <seealso marker="erts:alt_dist">ERTS User's Guide</seealso>.</p>
+    <warning>
+      <p>
+        Starting a distributed node without also specifying
+        <seealso marker="erts:erl#proto_dist"><c>-proto_dist inet_tls</c></seealso>
+        will expose the node to attacks that may give the attacker
+        complete access to the node and in extension the cluster.
+        When using un-secure distributed nodes, make sure that the
+        network is configured to keep potential attackers out.
+        See the <seealso marker="ssl:ssl_distribution">
+        Using SSL for Erlang Distribution</seealso> User's Guide
+        for details on how to setup a secure distributed node.
+      </p>
+    </warning>
   </section>
 
   <section>
-- 
cgit v1.2.3