mirror of
https://github.com/corda/corda.git
synced 2024-12-25 07:31:10 +00:00
8e7165db41
Previously when de-anonymising a Party instance, the name of the Party was used rather than the key, meaning a Party could be constructed with a random nonsense key and any name, and be treated as corresponding to the well known identity. This is not a security hole in itself as in any real scenario a party shouldn't be trusted without having been registered, it creates a significant risk of a security hole depending on how trusted the anonymous identity is, and the returned identity is considered. |
||
---|---|---|
.. | ||
integration-test | ||
main | ||
test |