Hi,

Erlang has built-in distribution, which is secured by a secret cookie. There has been some discussion about the possibility of brute-forcing this cookie.

Looking at the cookie generation code, we are of the opinion that there is not enough entropy. That is why we strongly advise using a different cookie than the one generated by Erlang.

For this we have a simple script that you might run from the Zotonic/Erlang shell. The script replaces the content of the “.erlang.cookie” file in the Zotonic home directory and then sets the cookie of the running system to the newly generated cookie.

First connect with your Erlang shell:

    $ bin/zotonic shell

Then run the following (assuming you have a Unix-like system):

    begin
        % New cookie: 30 random bytes from the crypto RNG, base64-encoded
        Cookie = base64:encode(crypto:strong_rand_bytes(30)),
        F = filename:join(os:getenv("HOME"), ".erlang.cookie"),
        % Only continue if the file holds the cookie of the running node
        CurrCookie = atom_to_binary(erlang:get_cookie(), utf8),
        {ok, CurrCookie} = file:read_file(F),
        % Make the file writable, replace the cookie, then make it read-only again
        ok = file:change_mode(F, 8#600),
        ok = file:write_file(F, Cookie),
        erlang:set_cookie(node(), binary_to_atom(Cookie, utf8)),
        ok = file:change_mode(F, 8#400),
        binary_to_atom(Cookie, utf8)
    end.

If the above doesn’t work, then you can do it manually:

1. Find the “.erlang.cookie” file in your Zotonic home directory.
2. Stop Zotonic
3. Replace the contents of the file
4. Start Zotonic.

Kind regards,

Marc
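A shell sketch of manual step 3, added here as an example and not part of the original message: it checks the existing cookie file and replaces it with 30 random bytes, base64-encoded, as the Erlang snippet does. The function names are hypothetical, and the "default-looking" test assumes an Erlang-generated cookie is exactly 20 upper-case letters.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Usage (after sourcing, with Zotonic stopped):
#   audit_cookie "$HOME"; replace_cookie "$HOME"

# Print a new cookie: 30 random bytes, base64-encoded (40 characters).
new_cookie() {
    head -c 30 /dev/urandom | base64 | tr -d '\n'
}

# Classify the cookie file in directory $1 as one of:
#   missing | default-looking | bad-permissions | ok
# "default-looking" means exactly 20 upper-case letters, the ASSUMED shape
# of a cookie that Erlang generated on its own.
audit_cookie() {
    f="$1/.erlang.cookie"
    [ -f "$f" ] || { echo missing; return 0; }
    cookie=$(tr -d '\n' < "$f")
    perms=$(ls -ld "$f" | cut -c1-10)
    if printf '%s' "$cookie" | grep -Eq '^[A-Z]{20}$'; then
        echo default-looking
    elif [ "$perms" != "-r--------" ]; then
        echo bad-permissions    # anything other than owner read-only (0400)
    else
        echo ok
    fi
}

# Replace the cookie file in directory $1. The new cookie is written to a
# private temporary file (mktemp creates it with mode 0600), set to 0400 and
# then renamed into place, so the file is never readable by other users and
# never left half-written.
replace_cookie() {
    dir="$1"
    tmp=$(mktemp "$dir/.erlang.cookie.XXXXXX") || return 1
    if new_cookie > "$tmp" && chmod 400 "$tmp" \
        && mv -f "$tmp" "$dir/.erlang.cookie"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

Every node that has to connect to this one needs the same cookie, so copy the new file to those nodes before starting them again.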