Bitcoin Forum

During the last days I started hacking together a little online-wallet and thought some of you might be interested.

It is based on the bitcoind RPC API for handling accounts and adds custom labels stored in database.

If you want to send coins to a labeled address, just start typing the label and it will autocomplete.

It is a Ruby/Rails application released under the MIT license, so you can setup your own online wallet or even run it locally and use it instead of the default client UI.

Note that this is just a very early development version which still needs a lot of work.

Project/Source: http://open.sourceagency.org/projects/webtc
Demo (testnet): http://webtc.interesthings.de
(There is a demo Account: foo@bar.baz / password, but feel free to create new accounts, the email doesn't have to exist)

Feedback, bug reports, patches and donations welcome :)

Okay, I have deployed some updates, namely

• localized everything and translated to english/german
• account settings for language and units
• display and treat all amounts in the configured unit (BTC, mBTC, uBTC, satoshi)

Despite no replies here, I noticed a few people were checking it out. What do you think? Does it look that bad? ;)

riush, that looks awesome! last night I used my Blu-Ray player to test! Thanks for distributing this as an open source project. It just expanded the world of bitcoin transactions to many new platforms.

it's wonderful. why not find some venture capital, and start a real business around the online wallet storage and payment service?

What do you do for security?

I'm thinking about that, but am not sure if I have the means/skills to cope with all the legal issues arising from taking responsibility for other people's money...
Maybe if we could get some kind of organisation started that can manage all of this - if anyone is interested and has the missing legal/financial experience, please contact me!

That's a very good question, I'm thinking about it a lot.

The way I see it, there are different angles of security (and a few ideas what could be done about them, certainly not complete):

* Account security (someone steals your password or hacks your PC)
- Spending limits
- Transaction Authentication Numbers (TAN) - basically a big block of numbered passwords.
  Would it make sense to send them via email (optionally PGP/GPG encrypted)?
- Email Authentication - Confirmation email with code you have to enter for every transaction
- SMS Authentication - Basically the same but via SMS

* Server security (someone breaks into the server)
- Run a 'frontend' bitcoind and the 'real' (wallet-holding) bitcoind connects only to that
- Maybe run the webserver on yet another machine (but if an attacker were to get on the webserver,
  couldn't he just tell the bitcoind to spend the money - so it doesn't really improve anything..)
- Firewall everything except port 80 (443) on the webserver and a connection between our bitcoind's.

There is also the wallet encryption patch and the key im/export patch coming up. I didn't have time
to try them out yet; I'm really hoping they can be made to work together ;)

My vision is to have each user's keys encrypted separately, with me not having the ability to decrypt
them, until the user sends me a password/key which I'll never store on file anywhere.
Could ask for a password for every transaction, or take the account password and keep it in memory as long as the
session is active.

I'll definitely work on some of this over the weekend :)

Nice!  I like your idea of having it to front bitcoind or something.  I can see me using something like this so I could access my wallet while I'm not at home - much like mybitcoin.   I could even see me hosting it my self in the cloud somewhere so I wouldn't have to worry about my pc crashing or something losing my btc.  I wonder if something like this could run on dropbox? 

Awesome project idea!

Wouldn't dropbox need ruby support?

Deployed another big update: bitcoin key encryption!


This is still a little fragile so please report any bugs you notice.
Unfortunately, I had to dump all accounts so you have to create new ones.

I also fixed an issue with displaying and parsing amounts and added double check in english words on transaction confirmation page.

For those of us who run the server ourselves, there is now a little admin view giving a basic overview of all accounts.
Users have an is_admin column, just set it in the console for now.

I forgot, there's one little problem: /dev/random is running low so generating a gpg key when an account is created takes ages...
For the testing instance I'm now filling /dev/random with 'entropy' from /dev/urandom, which is obviously not the way to go.
Does someone have any ideas about this - do i need a hardware random generator?

Deployed a few updates again. Most notably transaction verification:


In other words, you can define rules like ">1 BTC per day must be verified by email", ">10 BTC per day must be verified by SMS" or ">100BTC per day may never be sent".
When you create a transaction, it applies all matching rules and asks for verification via all the methods.

I'm also planning on implementing various other verification methods like SMS, Jabber, TANs, etc. Any other ideas?

The bitcoin key encryption is now optional, so it can be used with a regular (unpatched) bitcoind again, and every user can choose if he wants it (and thus be responsible for not forgetting his password).

Last but not least, I've startet writing tests for the whole beast, quite random and incomplete yet, but it's a start - if you change something please make sure they pass :)

Cool project. I'll be watching this.

Little warning: Don't use with 0.3.24 - it has a bug where bitcoind doesn't consider the address for newly created accounts as "mine". It's fixed in git master.

Also, fixed a few bugs and added transaction display in admin.

Indeed, very nice.

Glad you like it! Feedback is much appreciated :)

Unfortunately I haven't had much time lately, but I'll definitely try to clear a few hours this week.

Has anybody looked at the code yet? Do you think it's a good idea to basically use the data from bitcoind and 'augment' it with stuff from the database?
The next thing i was planning to do is to better integrate transactions from bitcoind and the database.

Another important thing is how verification rules can be removed. Currently you can just go 'delete', which kinda defeats the whole purpose.
I was thinking to just verify the deletion of the rule with the specified method (to delete an email verification rule, you need to do an email verification, etc).
But I'm not sure what to do about the limits.. Do you think its okay to just wait a week until the weekly limit is removed, for example?

Took a minor detour from what I had planned and implemented support for importing/rebroadcasting offline transactions as implemented by piotr:
https://forum.bitcoin.org/index.php?topic=28278.0

Everyone (not just registered users) can upload an offline transaction and it gets broadcast to the network every half hour until it makes it into a block.
(With a limit of 100 tries in case the transaction is just bogus / will never be accepted)

http://webtc.interesthings.de/transactions/import