Security concern: no alternative implementation of the Erlang node?


#1

Hello,

I just signed up here to ask this question. Currently there is only one implementation of the aeternity node in Erlang. I think this is a security concern. If someone finds a major bug in the current node, they could take down the whole network easily.

I saw that there have been plans to build a node in Elixir, but it seems that the work on that one has stopped.

How does the aeternity team/community plan to overcome this issue? Are there other known teams working on implementations in a different language?

Thank you


#2

This is a good concern. We’re aware of it. One major challenge is to keep up with the current pace of the protocol team that builds and improves the Erlang implementation. We expect that not to slow down until the end of 2019 but of course the whole aeternity community would welcome people that would work on an alternative implementation (this could also become a community project supported by the aeternity foundation).


#3

Yeah, I too would like to see a more portable implementation with less binary requirements for the epoch node. With the ability to have the backend be another type of database too, to be able to add middleware directly into the node?


#4

Yes, this is planned (integrating the middleware) but it's a way to go.


#5

The current implementation does support 3 types of databases already, just not SQL which is what you might be looking for I guess (?). It is rather easily extended though, so that shouldn’t be an issue.

But as @emin already mentioned, there is a middleware implementation in progress which does use an SQL database.


#6

I am looking for something like mongo. Not an SQL database.

And I made my own middleware implementation on mongodb/nodejs with https/http proxy.

What databases does the aeternity node support?


#7

That sounds reasonable.

The node supports rocksdb, which is not meant to be used by another system simultaneously, leveled, and straight up disk_log, all via Mnesia. If I were to build an external DB I would simply build a Mnesia operation watcher which forwards/translates operations into my external database. Because Mnesia comes with such watch capabilities, this approach should be straightforward, given the willingness to write Erlang code. Otherwise the HTTP APIs are your best bet.

cc @jsnewby
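
The Mnesia watcher approach from post #7, as an added example that is not part of the thread and is not aeternity node code: it subscribes to table events and translates each one into a neutral operation for an external store. The module name `mnesia_forwarder`, the table `demo_kv` and the printing sink are hypothetical; the node's real table names are not given here.

```erlang
-module(mnesia_forwarder).
-export([demo/0]).

%% Hypothetical demo table; stands in for whatever table is being mirrored.
-record(demo_kv, {key, value}).

%% Translate one Mnesia "simple" table event into an operation that an
%% external store (for example a document database) could apply.
translate({write, Rec, _ActivityId}) ->
    [Tab, Key | Fields] = tuple_to_list(Rec),
    {upsert, Tab, Key, Fields};
translate({delete_object, Rec, _ActivityId}) ->
    {remove, element(1, Rec), element(2, Rec)};
translate({delete, {Tab, Key}, _ActivityId}) ->
    {remove, Tab, Key}.

%% Receive table events and pass each translated operation to Sink/1.
%% Returns after IdleMs without events so the demo terminates.
loop(Sink, IdleMs) ->
    receive
        {mnesia_table_event, Event} ->
            Sink(translate(Event)),
            loop(Sink, IdleMs)
    after IdleMs ->
        ok
    end.

demo() ->
    ok = mnesia:start(),
    {atomic, ok} = mnesia:create_table(demo_kv,
        [{ram_copies, [node()]},
         {attributes, record_info(fields, demo_kv)}]),
    %% The calling process becomes the subscriber for this table.
    {ok, _Node} = mnesia:subscribe({table, demo_kv, simple}),
    {atomic, ok} = mnesia:transaction(fun() ->
        mnesia:write(#demo_kv{key = k1, value = <<"v1">>})
    end),
    {atomic, ok} = mnesia:transaction(fun() ->
        mnesia:delete({demo_kv, k1})
    end),
    %% Stand-in sink: prints instead of calling a database driver.
    loop(fun(Op) -> io:format("forward ~p~n", [Op]) end, 200),
    mnesia:unsubscribe({table, demo_kv, simple}),
    mnesia:stop().
```

A subscription ends when the subscribing process exits or Mnesia stops, so a forwarder used as the only copy path needs a resynchronisation step after restarts to avoid silently missing writes.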


#8

Sadly I do not know Erlang, I think the easiest way would be to implement the gossip/noise protocol