corda

mirror of https://github.com/corda/corda.git synced 2024-12-23 14:52:29 +00:00

History

Ross Nicoll 8e7165db41 CORDA-759: Enforce key checks on identity de-anonymisation (#1993 ) Previously when de-anonymising a Party instance, the name of the Party was used rather than the key, meaning a Party could be constructed with a random nonsense key and any name, and be treated as corresponding to the well known identity. This is not a security hole in itself as in any real scenario a party shouldn't be trusted without having been registered, it creates a significant risk of a security hole depending on how trusted the anonymous identity is, and the returned identity is considered.	2017-11-17 18:13:35 +00:00
..
src	CORDA-759: Enforce key checks on identity de-anonymisation (#1993 )	2017-11-17 18:13:35 +00:00
build.gradle	Corrected isolated.jar excludes for all projects and corrected some test dependencies.	2017-09-22 18:19:07 +02:00

CORDA-759: Enforce key checks on identity de-anonymisation (#1993 )

Previously when de-anonymising a Party instance, the name of the Party was used rather than
the key, meaning a Party could be constructed with a random nonsense key and any name, and be treated as corresponding to the well known identity. This is not a security hole in itself as
in any real scenario a party shouldn't be trusted without having been registered, it creates
a significant risk of a security hole depending on how trusted the anonymous identity is, and
the returned identity is considered.

2017-11-17 18:13:35 +00:00

src

CORDA-759: Enforce key checks on identity de-anonymisation (#1993 )

2017-11-17 18:13:35 +00:00

build.gradle

Corrected isolated.jar excludes for all projects and corrected some test dependencies.

2017-09-22 18:19:07 +02:00