pablito
Encryption in Elixir's process messaging
Hi, we’re using libcluster + horde to manage process balancing of some genservers. So, we want to get the security right and have an encrypted communication between processes.
I guess that horde messages aren’t so important because they are mostly metadata, but the genservers themselves are communicating between each other and there is some sensitive information in those messages. Is there any library to send those messages encrypted or simply encrypt message before send and decrypt after receive?
Most Liked
shanesveller
You can view this guide to see the facilities for making Distributed Erlang itself use SSL for all communications between nodes:
Just as a doom-and-gloom aside, Distributed Erlang as a paradigm/protocol doesn’t have any notion of meaningful security, privacy, or other boundaries between cluster peers. If you have any concerns that another BEAM node has been successfully compromised by a malicious party, reading inter-process messages is far down the list of possible harm they could do. They could use RPC to delete files, manipulate database rows, plus ~anything the OS user has permission to do. Erlang cookie is also not a terribly useful security mechanism and should be combined with suitable network rules when possible.
kokolegorille
Hello and welcome, You might be interested by…
pablito
We’re not exposing the nodes to the internet. This will run on k8s, so the communication is internal, we’re just exploring this to add an extra level of security. As said by @shanesveller, if a malicious actor has total control of a node, the messages are the least worrying thing. I’m thinking the possibility of another pod compromised on the network that can somehow read these unencrypted messages.








