Bitcoin Forum
March 28, 2024, 07:05:49 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: more secure online processing  (Read 1354 times)
franky1 (OP)
Legendary
*
Online Online

Activity: 4172
Merit: 4357



View Profile
September 15, 2012, 03:31:09 PM
Last edit: September 15, 2012, 03:57:53 PM by franky1
 #1

why does anyone have their webservice/shop URL as the webserver where their wallet is?

isnt it easier to just have some website code on a hosting site (even a free hosting site) not physically attached to their home webserver. which just API calls something like blockchain.info to validate payment received.

even easier to have the home webserver setting up deposit addresses and imports the addreesses to blockchain.info's watch only wallet.

thus as their are no actual funds in the blockchain.info (watch only) wallet. nothing can be stolen.

the hosting site uses the watch only blockchain.info wallet to grab those fresh address lists to display to new customers and then watches for a transaction received.

thus no actual interaction between hosting site and the 'offline' wallet (containing funds.)



shouldn't something like this be a standard practice to prevent hacking?

also the 'offline' wallet holding computer would not need to be set up as a webserver at all.. it would just need to API call the watch blockchain.info to update the watch only list of addresses.

i only use blockchain.info as an example. i think their are probably other ways of doing it

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
1711652749
Hero Member
*
Offline Offline

Posts: 1711652749

View Profile Personal Message (Offline)

Ignore
1711652749
Reply with quote  #2

1711652749
Report to moderator
1711652749
Hero Member
*
Offline Offline

Posts: 1711652749

View Profile Personal Message (Offline)

Ignore
1711652749
Reply with quote  #2

1711652749
Report to moderator
1711652749
Hero Member
*
Offline Offline

Posts: 1711652749

View Profile Personal Message (Offline)

Ignore
1711652749
Reply with quote  #2

1711652749
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711652749
Hero Member
*
Offline Offline

Posts: 1711652749

View Profile Personal Message (Offline)

Ignore
1711652749
Reply with quote  #2

1711652749
Report to moderator
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1063


Gerald Davis


View Profile
September 15, 2012, 03:58:05 PM
 #2

Why do you assume nobody does that?
franky1 (OP)
Legendary
*
Online Online

Activity: 4172
Merit: 4357



View Profile
September 15, 2012, 04:00:46 PM
Last edit: September 15, 2012, 06:20:14 PM by franky1
 #3

Why do you assume nobody does that?

... hmm.. bitcoinica, bitfloor, intersango, to name just a few....

i dont assume no one does it. i just feel that it should be standard practice for all new developments to do this.

when reading developers making their retail webstores and/or exchanges, i see them making their home computers into webservers. which leads me to believe their wallet would be located on same IP address.. risky

and others use instawallet secret URL in their sourcecode which can easily allow hackers to send funds out of wallet.

easier and cheaper to just buy some secure hosting. and API call everything though a watch only blockchain.info.

atleast using the watch only method separates the hosting site from any hacks to gain private keys to transfer funds.

any other suggestions for safer methods to still allow hosting site instant information about payments without actually holding a funded wallet nearby?

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
September 15, 2012, 08:57:41 PM
 #4

Why do you assume nobody does that?

... hmm.. bitcoinica, bitfloor, intersango, to name just a few....


BitFloor hasn't described many of the details regarding that security breach other than to say it was a "forgotten unencrypted backup".  So they may have had an adequately secured webserver with an inert wallet but were still left completely vulnerable due to poor security practices on a completely different system.

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


franky1 (OP)
Legendary
*
Online Online

Activity: 4172
Merit: 4357



View Profile
September 15, 2012, 11:01:09 PM
 #5

im not going into discussions about specific websites.

back to topic at hand

setting up a more secure website to prevent hacking from stealing your coins by not having the wallet even on the hosting server.

anyone else got other suggestions how developers can avoid having wallets on hosting server. apart from using
watch only blockchain.info

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
September 16, 2012, 01:24:30 AM
 #6

anyone else got other suggestions how developers can avoid having wallets on hosting server. apart from using
watch only blockchain.info

Here's a wiki article with some suggestions:
 
 - http://en.bitcoin.it/wiki/Securing_online_services


Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


franky1 (OP)
Legendary
*
Online Online

Activity: 4172
Merit: 4357



View Profile
September 16, 2012, 02:12:00 AM
 #7

cheers for a wiki link with lots of jargon..

but ill start a list:
blockchain.info
bitcoinmonitor.net

any others?

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
September 16, 2012, 05:30:08 AM
 #8

any others?

Yup:

Quote
No keys are stored by us. We simply provide a convenient overview.

- http://acceptbit.com/

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


franky1 (OP)
Legendary
*
Online Online

Activity: 4172
Merit: 4357



View Profile
September 16, 2012, 06:52:24 PM
 #9

im just trying to understand the most secure way to impliment a webstore avoiding hacking and wallet theft.

is this flow diagram the basic best way to do it. totally avoiding using blockchain.info, bitcoinmonitor and other watch list services completely


I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
btharper
Sr. Member
****
Offline Offline

Activity: 389
Merit: 250



View Profile
September 17, 2012, 12:04:07 AM
 #10

Your diagram looks pretty good, though falling back to another method of payment verification isn't a bad idea so your site doesn't break if you have to reboot your computer running the client.

Also, if the server is hacked the controlling party can supply forged deposit addresses, much lower impact but still problematic. Imagine if all of MtGox's BTC deposits went to someone else, even if only for a few hours.

One way I've thought to protect what would be the secret scripts on your diagram is to encrypt them and add a wrapper around them that required the decryption key as a POST parameter just to unlock such a script. To prevent a wrapper being placed around that to intercept the key it would need to verify itself and possibly some of the surrounding environment. Then the script would need to provide an appropriate response to confirm it's own identity. Messy, but if done correctly hopefully secure.
markm
Legendary
*
Offline Offline

Activity: 2940
Merit: 1090



View Profile WWW
September 17, 2012, 09:44:59 AM
 #11

People have been worrying at this problem since the invention of the web.

Basically it seems to come down to either web browsers are not cut out for this or some kind of plugin or extension or a new data type that fired up an external application to "display" it is needed.

Open Transactions for example plans to have a daemon aka "systray icon" on the user's end that all kinds of applications including browsers, instant messenger clients, videochat clients etc etc etc will talk to for any financial transactions. This encapsulates the finance stuff with all its rigorous security concerns from the normal day to day apps used to surf pr0n and download wares...

At the webserver end this would presumably just involve using some new kind of URL that tells the browser to fire up whatever application the user's desktop has been configured to use to handle that new, financial transactions oriented, type of URL.

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Insu Dra
Full Member
***
Offline Offline

Activity: 182
Merit: 100



View Profile
September 17, 2012, 08:36:58 PM
 #12



I agree with the notion of not having a hot wallet inside the same hosting location. But ...

To me it looks like the hot wallet is linked to the Internet ? Anny server that holds a hot wallet needs to limit connections to specified local ip's and under no circumstances should it be talking directly to the Internet.  You need to keep it inside a local network with some type of proxy('s) and/or router(s) in between the protected data and the public.

Personally, for any medium to large scale service. I would add multiple proxy servers in to the mix to fully randomize the from and to traffic, think onion routing.

Why do you assume nobody does that?
... hmm.. bitcoinica, bitfloor, intersango, to name just a few....

These services would not work under your construction, they all require data to go from the web service to the hot wallet (client). Why ? All these services offered the user the option to withdraw btc ... If you do not directly send the withdraw info to the client, the client would have to request and get access to it somehow, as a result these services need traffic back to the client.

So unless you add human interaction in to the mix ... and that would open a whole other can of worms.

"drugs, guns, and gambling for anyone and everyone!"
franky1 (OP)
Legendary
*
Online Online

Activity: 4172
Merit: 4357



View Profile
October 04, 2012, 04:01:09 AM
Last edit: October 04, 2012, 04:31:00 AM by franky1
 #13

cheers for the tips guys


I agree with the notion of not having a hot wallet inside the same hosting location. But ...

To me it looks like the hot wallet is linked to the Internet ? Anny server that holds a hot wallet needs to limit connections to specified local ip's and under no circumstances should it be talking directly to the Internet.

my diagram is where the website top blue box never talks to the 'local computer' /home computer containing the wallet.
so it never has out going communications.. it just puts everything into data bases on website and the home computer reads it remotely.



These services would not work under your construction, they all require data to go from the web service to the hot wallet (client). Why ? All these services offered the user the option to withdraw btc ... If you do not directly send the withdraw info to the client, the client would have to request and get access to it somehow, as a result these services need traffic back to the client.

So unless you add human interaction in to the mix ... and that would open a whole other can of worms.

my diagram offer the ability to withdraw.
simply by having a database on website side that stores withdrawal requests.
EG "user: xyd command: withdrawal amount: 2btc"


i have even thought of limiting what stuff would go into the database eg no addresses in the withdrawal request database, just a username and an amount so hackers cant just put withdraw 1mill BTC to adress 1lsssflsdflsdgobledegoop

and the home/local / hotwallet pc just accesses that database remotely and processes the commands as soon as they enter the database. and uses the verified address stored on home computer. so hackers cannot change the location.

the website never has ip addresses of the home PC listed or required. because the website never talks TO the home pc (no out going comms) just has incoming comms.

imagine it like ur the website. u write down a command onto a piece of paper "wife wants $5,000" and face it to a window.. me a home pc has a sniper scope pointed at you and reads the paper from a distance.. u cant see me but i can see you. anyone else who hacks in and reads your paper wont know ur wifes real name or where she is located.

i was thinking that the home computer that adds new addresses to the 'new deposit addresses' checks the addresses each time to compare them to the addresses saved in the hotwallet and sends the sql command to delete alien addresses from the website database. thus hackers might have 1 minute chance of adding a fresh address in before the database resets with just valid fresh addresses provided only by the hot wallet

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!