In Chapter 4 (p. 101) in the section on receiving messages, discussing
the go() receive clause ...
4 go() ->
5 Pid = spawn(echo, loop, []),
6 Pid ! {self(), hello},
7 receive
8 {Pid, Msg} ->
9 io:format("~w~n",[Msg])
10 end,
11 Pid ! stop.
... we are told that line 8's matching on a pre-defined Pid "is a good
(but not entirely secure) way" of validating an incoming message.
Please could someone describe briefly why this is not entirely secure
(i.e., what are its vulnerabilities) and what kind of thing one could
do for a more secure method?
Best wishes
Ivan
go() ->
Pid = spawn_link(echo, loop, []),
Ref = make_ref(),
Pid ! {self(), Ref, hello},
receive
{Ref, Msg} ->
io:format("~w~n",[Msg])
after 1000 ->
erlang:error(timeout)
end,
Pid ! stop.
or
go() ->
{Pid, MRef} = spawn_monitor(echo, loop, []),
Ref = make_ref(),
Pid ! {self(), Ref, hello},
receive
{Ref, Msg} ->
io:format("~w~n",[Msg]);
{'DOWN',MRef,process,Pid,Reason} ->
erlang:error({unexpected_die, Reason})
after 1000 ->
erlang:error(timeout)
end,
Pid ! stop,
erlang:demonitor(MRef, [flush]).
and this is still not enough for proper process handling. Use OTP for it.
> --
> Erlang Programming Website:
> http://www.erlangprogramming.org/
>
--
--Hynek (Pichi) Vychodil
Analyze your data in minutes. Share your insights instantly. Thrill
your boss. Be a data hero!
Try GoodData now for free: www.gooddata.com
Thanks for your comment. It hadn't occurred to me that some other
process could send {Pid, Msg}, but of course I can see it now. I look
forward to learning more about OTP.
Best
Ivan