Erlang has builtin distribution, which is secured by a secret cookie.
There have been some discussion about the possibility of brute-forcing this 

Looking at the cookie generation code we are the opinion that there is not 
enough entropy.

That is why we advise strongly to use a different cookie than the one
generated by Erlang.

For this we have a simple script that you might run from the Zotonic/Erlang 

The script replaces the content of the “.erlang.cookie” file in the Zotonic home
directory and then sets the cookie of the running system to the newly generated

First connect with your Erlang shell:

$ bin/zotonic shell

Then run the following (assuming you have a UNIX alike system):

Cookie = base64:encode(crypto:strong_rand_bytes(30)),
F = filename:join(os:getenv("HOME"), ".erlang.cookie"),
CurrCookie = atom_to_binary(erlang:get_cookie(), utf8),
{ok, CurrCookie} = file:read_file(F),
ok = file:change_mode(F, 8#600),
ok = file:write_file(F, Cookie),
erlang:set_cookie(node(), binary_to_atom(Cookie, utf8)),
ok = file:change_mode(F, 8#400),
binary_to_atom(Cookie, utf8)

If the above doesn’t work, then you can do it manually:

1. Find the “.erlang.cookie” file in your Zotonic home directory.
2. Stop Zotonic
3. Replace the contents of the file
4. Start Zotonic.

Kind regards,



You received this message because you are subscribed to the Google Groups 
"Zotonic developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to zotonic-developers+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to