… | |
… | |
485 | Sometimes a more secure mode is desired - this can be achieved by setting |
485 | Sometimes a more secure mode is desired - this can be achieved by setting |
486 | the secure option to a true value. |
486 | the secure option to a true value. |
487 | |
487 | |
488 | When secure mode is enabled, then the node will not execute code locally, |
488 | When secure mode is enabled, then the node will not execute code locally, |
489 | at least not via the normal node protocol. All other messages are still |
489 | at least not via the normal node protocol. All other messages are still |
490 | allowed. This means remote nodes can monitor, kill or local ports (port |
490 | allowed. This means remote nodes can monitor, kill or snd to local ports |
491 | names can be easily guessed). Specifically, note that the very common |
491 | (port names can also be easily guessed). |
492 | "send me a list that I prepend to my reply message" idiom can easily |
|
|
493 | be used to subvert this security mechanism by asking a trusted node to |
|
|
494 | "reply" to some other message. |
|
|
495 | |
492 | |
496 | At the moment, this setting affects C<snd_on>, C<eval_on> and C<spawn> |
493 | At the moment, this setting ignores C<snd_on>, C<eval_on> and C<spawn> |
497 | functionality. |
494 | requests. |
498 | |
|
|
499 | The C<configure> function additionally allows you to specify a callback |
|
|
500 | that can grant or suppress such requests on a per-node basis. |
|
|
501 | |
495 | |
502 | =item [set|del]monitor_timeout <seconds> |
496 | =item [set|del]monitor_timeout <seconds> |
503 | |
497 | |
504 | Sets the default monitor timeout, that is, when a connection to a node |
498 | Sets the default monitor timeout, that is, when a connection to a node |
505 | cannot be established within this many seconds, the node is declared |
499 | cannot be established within this many seconds, the node is declared |