Erlang Security

Erlang security practices for distribution security, input validation, and protecting the node cookie

Details

Language / Topic
Erlang
Category
Security

Rules

- Never use `erl -sname` without a strong, randomly generated `~/.erlang.cookie` — any node with the same cookie can execute arbitrary code.
- Use `-proto_dist inet_tls` with `ssl` application options to encrypt Erlang distribution traffic between nodes in production clusters.
- Never call `erlang:apply(M, F, A)` with user-controlled `M` or `F` values — it allows arbitrary module and function invocation.
- Use `ssl:connect/3` with `{verify, verify_peer}` and `{cacertfile, Path}` for outgoing TLS connections — never use `{verify, verify_none}` in production.
- Restrict exposed Erlang distribution ports with firewall rules — Epmd (4369) and the node port range should never be publicly accessible.
- Validate all external term data received via `binary_to_term/2` with the `[safe]` option: it fails with `badarg` on terms that would create new atoms (atoms not already in the atom table) or new external function references, neither of which is ever garbage collected.
- Use `crypto:strong_rand_bytes/1` for generating tokens and nonces — never use `rand:uniform` for security-sensitive random values.
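As an added example (not code from the original rules page), an Erlang module that exercises three of the rules above: decoding untrusted term data with `[safe]`, generating tokens from the OS CSPRNG, and opening a peer-verifying TLS connection. The module name, function names and the CA bundle path are assumptions, and `connect_tls/3` expects the `ssl` application to be started.

```erlang
%% erlang_sec_demo.erl: added example, not from the original page.
%% Module and function names are assumptions.
-module(erlang_sec_demo).
-export([decode_untrusted/1, new_token/1, connect_tls/3, demo/0]).

%% Rule: decode external term data from untrusted peers with [safe].
%% binary_to_term/2 then fails with badarg on terms that would create
%% new atoms or new external fun references, which are never garbage
%% collected and could otherwise be used to exhaust memory.
-spec decode_untrusted(binary()) -> {ok, term()} | {error, unsafe_term}.
decode_untrusted(Bin) when is_binary(Bin) ->
    try binary_to_term(Bin, [safe]) of
        Term -> {ok, Term}
    catch
        error:badarg -> {error, unsafe_term}
    end.

%% Rule: tokens and nonces come from the OS CSPRNG via
%% crypto:strong_rand_bytes/1, never from the seeded rand module.
-spec new_token(pos_integer()) -> binary().
new_token(NBytes) when is_integer(NBytes), NBytes > 0 ->
    base64:encode(crypto:strong_rand_bytes(NBytes)).

%% Rule: outgoing TLS connections verify the peer certificate chain
%% against a CA bundle (CaFile: caller-supplied PEM path, an assumption)
%% and check the hostname; verify_none is never used.
connect_tls(Host, Port, CaFile) ->
    Opts = [{verify, verify_peer},
            {cacertfile, CaFile},
            {server_name_indication, Host},
            {depth, 3}],
    ssl:connect(Host, Port, Opts).

%% Constructed inputs: a plain integer, and an ATOM_UTF8_EXT term (tag 118,
%% 2-byte length) naming an atom that does not exist in this VM. The first
%% decodes; the second is rejected under [safe] because it would create
%% a new atom.
demo() ->
    Safe = term_to_binary(42),
    Name = <<"zz_demo_atom_not_in_table">>,
    Unsafe = <<131, 118, (byte_size(Name)):16, Name/binary>>,
    {ok, 42} = decode_untrusted(Safe),
    {error, unsafe_term} = decode_untrusted(Unsafe),
    ok.
```

Run `erlang_sec_demo:demo().` from a shell to see both decode paths; note that once an atom exists in the VM, the same bytes decode successfully under `[safe]`, so the guard protects against unbounded atom creation rather than against specific atom names.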