Security in sending out coins via secondary server

[Nullu]

I'm creating a service that will send out coins to users. The system that determines the payouts will be seperate to the one that sends them. (All due payouts will be stored in a mysql table and then retrieved by the secondary system for sending).

Aside from the obvious security concerns of ensuring my database can't be hacked/injected and so the payouts not be manipulated, or the service itself can't be exploited, are there any security considerations for the secondary system? As I'll be sending out a lot of coins, I feel having a cold wallet on a seperate machine would be ideal, however would the payouts be traceable to that machine in any way?

The wallet can be locked when not in use, however the secondary system will be online regularly, so I'm wondering what else I need to do to protect the coin storage.

[DannyHamilton]

- snip -
I feel having a cold wallet on a seperate machine would be ideal, however would the payouts be traceable to that machine in any way?
- snip -

A "cold wallet" cannot send any funds. If the system is connected to the internet, then it is not a cold wallet.

You should store most of your bitcoins in a cold wallet.  You should only store enough bitcoins on the internet connected wallet to handle a typical amount of payouts.  If an abnormal amount of payouts occurs, your internet connected wallet will become empty and you will need to transfer more bitcoins from your cold wallet.  This will give you a chance to review what has happened and make sure that all the payouts were legitimate before providing your users access to additional funds.