This is an open question, but it’s something I’ve been thinking about as I play around with processes and state for a game. (Background: I’ve got multiple “player” modules/processes competing in a “game” of survival).
Sometimes, I want certain bits of data to be “private”, so that other processes cannot read it or write to it. In my case, a player module might need to know some things about another player module in order to “compete” against it, but as soon as you know the other player’s PID, it might be possible to see data that you’re not supposed to see or worse, to overwrite data. (This scenario might make more sense if I asked 100 people to each contribute their own player module to a “tournament” – the code won’t work if they don’t implement the defined behaviours/callbacks, but there’s no guarantee that people won’t peek into the PIDs).
So my question is: What strategies are there in Elixir/Erlang for keeping data private? The only thing that comes to mind is the simple (albeit sometimes tedious) structuring of code that would ensure:
- only passing along bits of data that is safe to be read
- being very careful when dispatching execution that updates data
- guarding PIDs carefully (i.e. don’t reveal them unnecessarily)
Related question: Is there any way to enumerate PIDs? Just eyeballing my simple spawned processes, it looks the the PIDs are very much incremental. How would one go about about enumerating PIDs? Coming from a cybersecurity background, it doesn’t appear that it would be difficult to start guessing PIDs and eventually find one that I could use to read or update data (e.g. on another player, in the case of my game). I could rework the “game” code in my case so that player processes were stopped and started to minimize peeking, but it wouldn’t eliminate the possibility (and it would vastly complicate/slow-down the code).