1. The Big Things
1.1. Enforced SSL encryption – increased privacy and security
When you start PrizmCore for first time with prizm.apiServerHost=0.0.0.0:
– PrizmCore generates self-signed SSL certificate
– There is a “SSL CERTIFICATE SHA1 FINGERPRINT” message in your log during first run – note the SHA-1 fingerprint of generated certificate. You can compare this fingerprint to the one shown in the browser. If they are equal you can be sure that there is no man-in-the-middle intercepting your connection.
– PrizmCore enables SSL encryption using this certificate
– to open PrizmCore web interface you have to open https://localhost:9976, not the http:// one
– SSL usage is enforced only if the web interface is expected to be accesible from the outer world
– whenever you want you can set up your own self-signed or trusted SSL certificate inside prizm.properties
– browser will warn you, that “Your connection is not private”. It is OK for self-signed certificates – encryption is still works as expected, but your browser does not trust such certificate.
– you can disable SSLEnforce by setting prizm.apiServerEnforceSSL to “false” in prizm.properties
– most significant thigs the SSL does: encrypts your adminPassword (when using administrative APIs), encrypts passphrases of forging users, increases privacy of Web Interface users, protects from man-in-the-middle attacks
1.2 New API: GetAccountChildren – more info about your account
– response contains direct disciples of given account
– response includes balance, amount and disciples count for every of your disciple
– this is “HierarchyAPI” request, so it is available only from localhost by default
– this is not performance-heavy API, so you can open it for outter world
1.3. PrizmCore Web Interface feature “Disciples”
– you can inspect your disciples, their balances, amount, their own disciples count inside the PrizmCore Web Interface
– feature is based on GetAccountChildren API
– this feature is only accessible from localhost
– if you want to make it available for remote clients, set prizm.allowAPIHierarchyOnlyLocalhost to “false” and prizm.allowAPIHierarchyWithoutPassword to “true”. It is also recommended to add “GetAccountHierarchy” to prizm.disabledAPIs to avoid violations
– Feature is available in the side menu for your account, and in “Disciples” tab in any account modal window
– Inside “Disciples” tab displayed disciples count is limited by 100
1.4. Adaptive validation – blockchain sync is faster then ever
– significantly increases blockchain download speed
– blockchain download speed increases with every downloaded block
– max blockchain download speed is reached approximately after 2000 downloaded blocks
– hard/solid drive read time is decreased
– database lock time decreased
– garbage collector delays decreased
1.5 Blokchain recovery – stable and reliable
– PrizmCore now can recover almost any blockchain files inside prizm_db directory
– PrizmCore now can detect blockchain errors during runtime and fix them automatically
– PrizmCore stability is greatly increased
2. The small things:
– change white background under generated passphrase in PrizmCore Web Interface
– generated passphrases in PrizmCore Web Interface now has 19 words instead of 12
– generated passphrases in PrizmCore Web Interface now starts with “prizm” keyword
– generated passphrase entropy bits increased from 128 to 192 bits
– fixed “sidebar not showing during first logon into PrizmCore Web Interface” bug
– forbbidden “GetBlockchainTransaction” for GENESIS account, because bad guys were overloading nodes with public API by spamming this request, you can inspect latest GENESIS transactions inside it’s Account Ledger
– fixed PrizmCore Web Interface translation inaccuracies
– fixed “Error of 364696 block”
– fixed some garbace collector overhead possibilities
– fixed API “getParent – activated by PPPP” error
– fixed PrizmCore hang up during parsing broken transaction bytes
– increased clearness of log messages.