Untrusted distributed nodes?

Is there a way to make the trust between distributed nodes only point in one direction? For instance, allow Node A to spin up processes on Node B, but don’t allow Node B to spin up processes on Node A, while still allowing message passing between them.

Everything I have found so far has pointed me towards thinking that this just goes against how distributed nodes work, but I’m interested if anyone has any thoughts or experience in this type of scenario.

Nope, see also: https://github.com/erlang/otp/wiki/FAQ%3A-What-kind-of-patches-will-be-approved%3F#can-i-write-a-patch-to-increase-the-security-of-the-erlang-distribution

You can implement a custom protocol pretty easily with term_to_binary and the {:packet, n} options to gen_tcp though, if your use case is something like task dispatching.


Thank you for pointing me to that Wiki entry, that’s good info.

My use case is basically task dispatching, with live updates of the tasks being streamed back to a central dispatcher / coordinator. One requirement is that any random person should be able to run the task worker, which then connects to the coordinator to get tasks. I’ll think more about using a custom protocol, was thinking maybe even over websockets to avoid needing port forwarding on the client side.