Is Erlang's security via cookies enough?

Question

A thing concerning the security of Erlang's "secret cookie" mechanism.

1. Is that mechanism vulnerable in any way?

2. In case it is prone to unintended penetration should that be a concern?

3. What is your practice for making your Erlang nodes and their communication more secure?

Answer 1

Erlang's cookies are for topology, not for security.

In addition to the comment about ssl distribution, you should use all of the other mechanisms to secure your application that you would use in another environment.