November 13, 2012, 07:47:39 PM
I recently posted in a security thread about how I handle security for my bitcoind. I actually built a "proxy" which is written in Java with a couple of PHP cron jobs. A couple of people PMed me about releasing it or them scoring a copy. I never thought I would release it, so it is kinda hacky, but it got me thinking: if enough people want it to be released, I can clean it up (which means making it more modular and removing the PHP cron jobs) and give it out.

So basically how it works is that you have your bitcoind running on the same server as this proxy, which connects to it (as of now it only connects on a certain port I use and only looks for localhost; this would have to be changed). The proxy is built on top of Jetty, giving you a web server without having to run Apache. I wrote it because security isn't that great with bitcoind, and this extends it: first, it eliminates all GET methods, and every method is passed through as a POST. It also eliminates having to connect to your bitcoind, so there are no usernames or passwords in your actual code (I am actually considering, if this is on the same server, having it read the bitcoin.conf file for that information). It employs whitelisted IPs and signs each command to the proxy (right now it is just a SHA-1 (probably changing) hash of the method with a secret token that is generated and passed). It also allows you to blacklist IPs; I never used it, but it is there. It also allows time-sensitive commands, so basically it would write that to MySQL and a PHP cron job would pick up on that; if I decided to release it, that would be written in Java, and with no output of that. It also logs every transaction so you can see what was done at what time (it logs the IP of the server that accessed the proxy and the method that was called).

This would not be done overnight; it would take a while actually, because it was first written as a set of PHP scripts, then I needed something more robust, so I have been slowly converting it into a Java program.

Leave questions, comments, and feature requests...
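The request checks the post describes (POST only, IP whitelist and blacklist, a signed command, and an audit log entry for every call) as an added example in Python; this is not the author's Java/Jetty code. The whitelist, blacklist and token values are constructed, and the HMAC-SHA256 variant is an added assumption offered beside the post's plain SHA-1-of-method-plus-token scheme, not something the post uses.

```python
import hashlib
import hmac
import time

# Constructed sample state for the proxy (hypothetical values, not from the post).
WHITELIST = {"203.0.113.10"}
BLACKLIST = {"198.51.100.7"}
SECRET_TOKEN = "constructed-secret-token"
AUDIT_LOG = []  # one entry per call: (unix time, client ip, rpc method, decision)


def sign_command(method: str, token: str) -> str:
    """Signature as the post describes it: SHA-1 over method + secret token."""
    return hashlib.sha1((method + token).encode()).hexdigest()


def sign_command_hmac(method: str, token: str) -> str:
    """Keyed alternative (an assumption, not the post's scheme): HMAC-SHA256,
    so the token acts as a key rather than as data mixed into a bare hash."""
    return hmac.new(token.encode(), method.encode(), "sha256").hexdigest()


def authorize(client_ip: str, http_method: str, rpc_method: str,
              signature: str, scheme: str = "sha1"):
    """Apply the proxy's checks in order and record the outcome.

    Returns (allowed, reason); every call, allowed or not, is appended to
    AUDIT_LOG with the caller's IP and the method name, as the post describes.
    """
    expected = sign_command if scheme == "sha1" else sign_command_hmac
    if http_method.upper() != "POST":
        reason = "rejected: only POST is accepted"
    elif client_ip in BLACKLIST:
        reason = "rejected: ip blacklisted"
    elif client_ip not in WHITELIST:
        reason = "rejected: ip not whitelisted"
    # Constant-time comparison so a wrong signature fails without leaking
    # how many leading characters matched.
    elif not hmac.compare_digest(expected(rpc_method, SECRET_TOKEN).encode(),
                                 signature.encode()):
        reason = "rejected: bad signature"
    else:
        reason = "allowed"
    AUDIT_LOG.append((time.time(), client_ip, rpc_method, reason))
    return reason == "allowed", reason
```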