
Is SSL in Erlang guaranteed to be contained within each process/client/connection?

When using software powered by OpenSSL, if past experience is any indication (cough Heartbleed cough), any client can peek into the private address space of any other client, making SSL not only pointless, but, in fact, counteractive to what it is supposed to accomplish.

What about the SSL in Erlang?

Erlang, being a functional programming language, guarantees that each process/client runs independently of each other.

Do the isolation guarantees extend to SSL in Erlang, or is there some sort of a shared something somewhere?

Looks like a misunderstanding here. SSL/TLS is a transport layer. The only thing SSL is made for is securely transferring data between two sockets. SSL is meant to be transparent to the application. Erlang and any other language have nothing to do with its security. Once SSL decrypts data, it passes it to the rest of the application in unencrypted form. So it's entirely up to you how to isolate this unencrypted data.

In other words: if you think Erlang is an uber-secure language that will somehow magically solve security problems for you - it is not.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.