corda/node/src
Ross Nicoll 8e7165db41
CORDA-759: Enforce key checks on identity de-anonymisation (#1993)
Previously when de-anonymising a Party instance, the name of the Party was used rather than
the key, meaning a Party could be constructed with a random nonsense key and any name, and be treated as corresponding to the well known identity. This is not a security hole in itself as
in any real scenario a party shouldn't be trusted without having been registered, it creates
a significant risk of a security hole depending on how trusted the anonymous identity is, and
the returned identity is considered.
2017-11-17 18:13:35 +00:00
..
integration-test Stabilise NodeStatePersistenceTests (#2079) 2017-11-17 18:13:10 +00:00
main CORDA-759: Enforce key checks on identity de-anonymisation (#1993) 2017-11-17 18:13:35 +00:00
test CORDA-759: Enforce key checks on identity de-anonymisation (#1993) 2017-11-17 18:13:35 +00:00