… | |
… | |
57 | aemp delprofile <name> # eradicate the named profile |
57 | aemp delprofile <name> # eradicate the named profile |
58 | aemp showprofile <name> # display given profile |
58 | aemp showprofile <name> # display given profile |
59 | aemp showconfig <name> ... # display effective config |
59 | aemp showconfig <name> ... # display effective config |
60 | |
60 | |
61 | # node configuration: low-level protocol |
61 | # node configuration: low-level protocol |
|
|
62 | aemp [set|del]secure <boolean> |
62 | aemp [set|del]monitor_timeout <seconds> |
63 | aemp [set|del]monitor_timeout <seconds> |
63 | aemp [set|del]connect_interval <seconds> |
64 | aemp [set|del]connect_interval <seconds> |
64 | aemp [set|del]framing_format [array] |
65 | aemp [set|del]framing_format [array] |
65 | aemp [set|del]auth_offer [array] |
66 | aemp [set|del]auth_offer [array] |
66 | aemp [set|del]auth_accept [array] |
67 | aemp [set|del]auth_accept [array] |
… | |
… | |
463 | The low-level transport protocol betwene two nodes also has a number of |
464 | The low-level transport protocol betwene two nodes also has a number of |
464 | configurable options, most of which should not be touched unless you know |
465 | configurable options, most of which should not be touched unless you know |
465 | what you are doing. |
466 | what you are doing. |
466 | |
467 | |
467 | =over 4 |
468 | =over 4 |
|
|
469 | |
|
|
470 | =item [set|del]secure <boolean> |
|
|
471 | |
|
|
472 | Normally, nodes allow anything to be done to them by remote nodes, |
|
|
473 | including remotely-triggered execution of code. |
|
|
474 | |
|
|
475 | Sometimes a more secure mode is desired - this can be achieved by setting |
|
|
476 | the secure option to a true value. |
|
|
477 | |
|
|
478 | When secure mode is enabled, then remote nodes cannot execute code |
|
|
479 | locally, at least not via the normal node protocol. All other messages are |
|
|
480 | still allowed. This means remote nodes can monitor, kill or local ports |
|
|
481 | (port names can be easily guessed). |
|
|
482 | |
|
|
483 | At the moment, this affects C<eval_on> and C<spawn> functionality. |
|
|
484 | |
|
|
485 | The C<configure> function additionally allows you to specify a callback |
|
|
486 | that can grant or suppress such requests on a per-node basis. |
468 | |
487 | |
469 | =item [set|del]monitor_timeout <seconds> |
488 | =item [set|del]monitor_timeout <seconds> |
470 | |
489 | |
471 | Sets the default monitor timeout, that is, when a connection to a node |
490 | Sets the default monitor timeout, that is, when a connection to a node |
472 | cannot be established within this many seconds, the node is declared |
491 | cannot be established within this many seconds, the node is declared |
… | |
… | |
970 | }, |
989 | }, |
971 | ); |
990 | ); |
972 | |
991 | |
973 | for my $attr (qw( |
992 | for my $attr (qw( |
974 | monitor_timeout connect_interval framing_format auth_offer |
993 | monitor_timeout connect_interval framing_format auth_offer |
975 | auth_accept autocork nodelay |
994 | auth_accept autocork nodelay secure |
976 | )) { |
995 | )) { |
977 | $CMD{"set$attr"} = sub { |
996 | $CMD{"set$attr"} = sub { |
978 | @ARGV >= 1 |
997 | @ARGV >= 1 |
979 | or die "$attr value is missing\n"; |
998 | or die "$attr value is missing\n"; |
980 | |
999 | |