Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Bungeebones on October 28, 2014, 03:54:20 PM



Title: Script review before presenting to PHP developer meetup
Post by: Bungeebones on October 28, 2014, 03:54:20 PM
Hey everybody,

I don't consider myself a "developer" (more a hacker) but as the co-organiser of the Bitcoin Orlando Meetup and a member of the local PHP Developers Meetup I may be on the ticket to do a presentation on the coding aspects of running a Bitcoin node. The topic I am going to be presenting is how I got a bitcoin node running on a VPS connected and sending its results to a shared hosting server (where the full node can't be installed). I've had the script running smoothly for a few months now. The only issue is that the server will shut off occasionally (it has happened maybe four times in the last four months).

I released my work as open source and this is also the first time I have ever released any of my work that way so please be careful with the cherry.

Could I ask for some help reviewing the release before I give the presentation a week from today? Despite my own lack of experience and credentials there was no one among the PHP developers who has any experience with Bitcoin. It would be a great help if, before I present this, it has had some peer review at least equal to or better than their level. Could I get some volunteers to look it over, perhaps install it, critique it and even submit some changes?

Thanks.

The script is on Github at https://github.com/Bungeebones/bitcoin_gateway

Also ... I may be posting a link to this thread on our http://www.meetup.com/Bitcoin-Orlando/ page as well as the PHP Meetup page so your reply may be presented to a bigger audience.


Title: Re: Script review before presenting to PHP developer meetup
Post by: LuaPod on November 10, 2014, 01:17:01 AM
Your systems could easily be spoofed upon a database breach. I believe you should take a look at forms of verification to prove where the transaction is from and who it is to. The server should also have a method of proving it allowed the transaction within the system. Otherwise once a hacker gets inside they will have a heyday with your money. Other things to think about adding are systems such as a solvency ensurer.
In my system I use private keys that are generated on the browser. The users use them when making requests so that their requests can not be faked by another person. Their requests are also usable once unless they sign again and send a new signature.

You should really take a look at reworking your whole account structure.
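
The scheme described in the reply above (client-held keys, signed requests, each signature usable once), sketched as an added example; it is not code from either poster or from the bitcoin_gateway repository. The choice of Ed25519, the random nonce, the in-memory nonce store and all function names are assumptions made for illustration.

```javascript
// Added illustration: signed, single-use transfer requests.
// Assumptions: Ed25519 keys, a random per-request nonce, in-memory server state.
const crypto = require("crypto");

// Client side (a browser in the post, Node here): the private key never leaves it.
function makeClient() {
  return crypto.generateKeyPairSync("ed25519"); // { publicKey, privateKey }
}

// The exact bytes that are signed: sender, recipient, amount and nonce.
function canonical(req) {
  return Buffer.from(JSON.stringify([req.from, req.to, req.amount, req.nonce]));
}

function signRequest(client, from, to, amount) {
  const req = { from, to, amount, nonce: crypto.randomBytes(16).toString("hex") };
  req.sig = crypto.sign(null, canonical(req), client.privateKey).toString("base64");
  return req;
}

// Server side: stores only public keys and the nonces it has already accepted.
function makeServer() {
  const keys = new Map(); // account -> public key
  const seen = new Set(); // "account:nonce" values already used
  return {
    register(account, publicKey) { keys.set(account, publicKey); },
    accept(req) {
      const key = keys.get(req.from);
      if (!key) return "unknown-account";
      const sig = Buffer.from(String(req.sig), "base64");
      // Any change to from/to/amount/nonce invalidates the signature.
      if (!crypto.verify(null, canonical(req), key, sig)) return "bad-signature";
      const id = req.from + ":" + req.nonce;
      // A captured request cannot be submitted a second time.
      if (seen.has(id)) return "replayed";
      seen.add(id);
      return "accepted";
    },
  };
}
```

In a real deployment the used-nonce set would have to persist across restarts, and the stored request plus signature gives the server a record of why it allowed each transfer.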