“Using Erlang in a Web Start-up”


In “Using Erlang In A Web Start-Up,” Gordon Guthrie (hypernumbers.com) summarises the structural problem that Erlang environments bring to the Solution and the Security Architect:

“Security is the Achilles heel of Erlang. Due to the trusted nature of telephony networks (at least compared to the internet) Erlang has no security. All nodes in an Erlang cluster are implicitly trusted by all other nodes and once a bad egg gets access to one, they get full access to all. Bastion security, sacrificing front-tier machines in the name of data security, […] is simply impossible. The entire Erlang cluster needs to be wrapped in another security layer to provide indirection.” (Page 35)

This is what I meant in previous posts when saying that Erlang and OTP are “dependent” when considered from the point of view of Solution Architecture, i.e. they depend on other components and in particular on the Operating System and Infrastructure to achieve a meaningful level of assurance.

(Source: http://www.scribd.com/doc/32838204/Hypernumbers-Whitepaper-Using-Erlang-In-Web-Startups )
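
One way to check at the operating-system level that a cluster really is wrapped: the example below is added here (it is not from the whitepaper or from this post) and scans `ss -ltn` output for Erlang distribution listeners bound outside the cluster network. The subnet, the port range 9100-9105 (assumed to be pinned with the kernel parameters `inet_dist_listen_min` and `inet_dist_listen_max`) and the sample output are constructed for illustration; 4369 is the default port of epmd.

```python
import ipaddress

EPMD_PORT = 4369  # default port of epmd, the Erlang port mapper daemon

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:4369        0.0.0.0:*
LISTEN 0      128    10.0.5.11:9100      0.0.0.0:*
LISTEN 0      128    203.0.113.7:9101    0.0.0.0:*
LISTEN 0      128    127.0.0.1:9102      0.0.0.0:*
LISTEN 0      128    0.0.0.0:443         0.0.0.0:*
"""

def exposed_listeners(ss_output, cluster_net, dist_ports):
    """Return (address, port) for each Erlang distribution listener that is
    bound to something other than loopback or the cluster subnet."""
    net = ipaddress.ip_network(cluster_net)
    watched = set(dist_ports) | {EPMD_PORT}
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]")  # IPv6 listeners are printed as [addr]:port
        if not port.isdigit() or int(port) not in watched:
            continue  # not an Erlang distribution port
        if host in ("*", "0.0.0.0", "::"):
            # Wildcard bind: reachable on every interface, so protection
            # rests entirely on external filtering. Flag for review.
            findings.append((host, int(port)))
            continue
        addr = ipaddress.ip_address(host.split("%")[0])  # drop zone id
        if not (addr.is_loopback or addr in net):
            findings.append((host, int(port)))
    return findings

if __name__ == "__main__":
    # Assumed cluster subnet and pinned distribution port range.
    for host, port in exposed_listeners(SAMPLE_SS, "10.0.5.0/24", range(9100, 9106)):
        print(f"distribution listener outside cluster network: {host}:{port}")
```

A finding means the node's implicit trust extends to whatever can reach that address, so the listener should be rebound to the cluster interface or filtered by the surrounding layer.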