| … | |
… | |
| 485 | Sometimes a more secure mode is desired - this can be achieved by setting |
485 | Sometimes a more secure mode is desired - this can be achieved by setting |
| 486 | the secure option to a true value. |
486 | the secure option to a true value. |
| 487 | |
487 | |
| 488 | When secure mode is enabled, then the node will not execute code locally, |
488 | When secure mode is enabled, then the node will not execute code locally, |
| 489 | at least not via the normal node protocol. All other messages are still |
489 | at least not via the normal node protocol. All other messages are still |
| 490 | allowed. This means remote nodes can monitor, kill or local ports (port |
490 | allowed. This means remote nodes can monitor, kill or snd to local ports |
| 491 | names can be easily guessed). Specifically, note that the very common |
491 | (port names can also be easily guessed). |
| 492 | "send me a list that I prepend to my reply message" idiom can easily |
|
|
| 493 | be used to subvert this security mechanism by asking a trusted node to |
|
|
| 494 | "reply" to some other message. |
|
|
| 495 | |
492 | |
| 496 | At the moment, this setting affects C<snd_on>, C<eval_on> and C<spawn> |
493 | At the moment, this setting ignores C<snd_on>, C<eval_on> and C<spawn> |
| 497 | functionality. |
494 | requests. |
| 498 | |
|
|
| 499 | The C<configure> function additionally allows you to specify a callback |
|
|
| 500 | that can grant or suppress such requests on a per-node basis. |
|
|
| 501 | |
495 | |
| 502 | =item [set|del]monitor_timeout <seconds> |
496 | =item [set|del]monitor_timeout <seconds> |
| 503 | |
497 | |
| 504 | Sets the default monitor timeout, that is, when a connection to a node |
498 | Sets the default monitor timeout, that is, when a connection to a node |
| 505 | cannot be established within this many seconds, the node is declared |
499 | cannot be established within this many seconds, the node is declared |
