| … | |
… | |
| 57 | aemp delprofile <name> # eradicate the named profile |
57 | aemp delprofile <name> # eradicate the named profile |
| 58 | aemp showprofile <name> # display given profile |
58 | aemp showprofile <name> # display given profile |
| 59 | aemp showconfig <name> ... # display effective config |
59 | aemp showconfig <name> ... # display effective config |
| 60 | |
60 | |
| 61 | # node configuration: low-level protocol |
61 | # node configuration: low-level protocol |
|
|
62 | aemp [set|del]secure <boolean> |
| 62 | aemp [set|del]monitor_timeout <seconds> |
63 | aemp [set|del]monitor_timeout <seconds> |
| 63 | aemp [set|del]connect_interval <seconds> |
64 | aemp [set|del]connect_interval <seconds> |
| 64 | aemp [set|del]framing_format [array] |
65 | aemp [set|del]framing_format [array] |
| 65 | aemp [set|del]auth_offer [array] |
66 | aemp [set|del]auth_offer [array] |
| 66 | aemp [set|del]auth_accept [array] |
67 | aemp [set|del]auth_accept [array] |
| … | |
… | |
| 463 | The low-level transport protocol betwene two nodes also has a number of |
464 | The low-level transport protocol betwene two nodes also has a number of |
| 464 | configurable options, most of which should not be touched unless you know |
465 | configurable options, most of which should not be touched unless you know |
| 465 | what you are doing. |
466 | what you are doing. |
| 466 | |
467 | |
| 467 | =over 4 |
468 | =over 4 |
|
|
469 | |
|
|
470 | =item [set|del]secure <boolean> |
|
|
471 | |
|
|
472 | Normally, nodes allow anything to be done to them by remote nodes, |
|
|
473 | including remotely-triggered execution of code. |
|
|
474 | |
|
|
475 | Sometimes a more secure mode is desired - this can be achieved by setting |
|
|
476 | the secure option to a true value. |
|
|
477 | |
|
|
478 | When secure mode is enabled, then remote nodes cannot execute code |
|
|
479 | locally, at least not via the normal node protocol. All other messages are |
|
|
480 | still allowed. This means remote nodes can monitor, kill or local ports |
|
|
481 | (port names can be easily guessed). |
|
|
482 | |
|
|
483 | At the moment, this affects C<eval_on> and C<spawn> functionality. |
|
|
484 | |
|
|
485 | The C<configure> function additionally allows you to specify a callback |
|
|
486 | that can grant or suppress such requests on a per-node basis. |
| 468 | |
487 | |
| 469 | =item [set|del]monitor_timeout <seconds> |
488 | =item [set|del]monitor_timeout <seconds> |
| 470 | |
489 | |
| 471 | Sets the default monitor timeout, that is, when a connection to a node |
490 | Sets the default monitor timeout, that is, when a connection to a node |
| 472 | cannot be established within this many seconds, the node is declared |
491 | cannot be established within this many seconds, the node is declared |
| … | |
… | |
| 970 | }, |
989 | }, |
| 971 | ); |
990 | ); |
| 972 | |
991 | |
| 973 | for my $attr (qw( |
992 | for my $attr (qw( |
| 974 | monitor_timeout connect_interval framing_format auth_offer |
993 | monitor_timeout connect_interval framing_format auth_offer |
| 975 | auth_accept autocork nodelay |
994 | auth_accept autocork nodelay secure |
| 976 | )) { |
995 | )) { |
| 977 | $CMD{"set$attr"} = sub { |
996 | $CMD{"set$attr"} = sub { |
| 978 | @ARGV >= 1 |
997 | @ARGV >= 1 |
| 979 | or die "$attr value is missing\n"; |
998 | or die "$attr value is missing\n"; |
| 980 | |
999 | |
