Skip to content

Security issue #1

Closed
haplosgames opened this Issue Aug 8, 2012 · 1 comment

3 participants

@haplosgames

I noticed that you are using -setcookie as an option in the flashpolicy file. Isn't this a huge security issue for someone who uses this erlang application and does not change or remove the setcookie option?

@mk
saulabs member
mk commented Aug 8, 2012

You're right, this is an issue when not running behind a firewall. Feel free to create a pull request that provides a fix.

@bharendt bharendt added a commit that closed this issue Aug 8, 2012
@bharendt bharendt Use random cookie when starting policy server node.
Also bind epmd to loopback interface only, when it is started by the erl command.
(This does not affect the epmd configuration if epmd was already started!)

fixes #1
faf5b3a
@bharendt bharendt closed this in faf5b3a Aug 8, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.