Bitcoin Forum
Topic: Hosted Wallet Security Checklist
jordan.dev (OP)
May 05, 2013, 07:36:29 PM
 #1

I want to start a service that offers a hosted wallet. Since this is an integral part of almost every Bitcoin-related business, I think it's wise to try to get a security checklist going to ensure, to the best extent possible, the security of the user's funds and the integrity of the business for customers and investors alike.

Basic premise of the service: webapp that connects as a client to a bitcoind server

Ps. if there is a more comprehensive guide somewhere I'd like to read it!

I'll get it started and add people's suggestions here:

Web-app
  • Ruby on Rails, though given valid exploit concerns it may later have to be limited to just a UI and nothing else. (No direct access to bitcoind wallet)
  • SSL
  • 2 Form-authentication for users

Bitcoin Wallet (Bitcoin JSON-RPC server)
  • SSL Certificate and strong password in request made from web-app to JSON RPC Server
  • Closing all firewall ports except JSONRPC on Bitcoind server
  • Bitcoind running on Ubuntu 12.04, with 1 ssh-key for shell access

Wallet Itself (security of wallet.dat, hot-wallet, cold-storage etc.)

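An added example, not part of the original post and not bitcoind's own code: a small Python audit of the bitcoin.conf settings behind the "strong password" and web-app-to-JSON-RPC items in the checklist above. The sample configs, the 32-character password threshold and the address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample configs (not from the thread). 203.0.113.10 is a
# documentation address standing in for the web-app host.
WEAK_CONF = """\
server=1
rpcuser=webapp
rpcpassword=hunter2
rpcallowip=*
"""
HARDENED_CONF = """\
server=1
rpcuser=webapp
rpcpassword=Zq8v3nT0yLw5RkX2bH7cJm4sPd9FgA1e
rpcallowip=203.0.113.10
rpcssl=1
"""

def parse_conf(text):
    """Parse key=value lines; repeated keys such as rpcallowip accumulate."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def audit(text, min_password_len=32):  # 32 is an assumed threshold
    """Return a list of findings for the RPC-related checklist items."""
    conf, findings, remote = parse_conf(text), [], False
    password = conf.get("rpcpassword", [""])[-1]
    if len(password) < min_password_len:
        findings.append("weak rpcpassword")
    for entry in conf.get("rpcallowip", []):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:  # wildcards like * or 192.168.1.* land here
            findings.append("rpcallowip not a single address: " + entry)
            remote = True
            continue
        remote = remote or not net.is_loopback
        if net.num_addresses > 1:
            findings.append("rpcallowip covers a range: " + entry)
    if remote and conf.get("rpcssl", ["0"])[-1] != "1":
        findings.append("remote RPC without rpcssl=1")
    return findings

if __name__ == "__main__":
    print(audit(WEAK_CONF), audit(HARDENED_CONF))
```

The rpcssl option was removed in Bitcoin Core 0.12, so on newer releases the last check applies to whatever TLS tunnel or proxy fronts the RPC port rather than to bitcoin.conf.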
aantonop
May 05, 2013, 07:45:52 PM
 #2

It takes a lot more to secure a hosted wallet than what you suggest here. Is this intended to be an open source project, kinda like blockchain, only open?

If so, that's a good idea.

If you want to do this as a business, you will need a lot more experienced security people to help you or this will quickly become a capture-the-flag platform for hackers.

jordan.dev (OP)
May 05, 2013, 07:55:13 PM
 #3

I guess I should mention that the hosted wallet isn't the core of the business - and I am not opposed to investing in talented security professionals to help secure the service in the future.

I know there are A LOT MORE than the initial list.

I wanted to start this thread as an open forum for developing a longer, more complete list of security precautions based on contributions.

As far as open source, that would be great if there was a set of known security protocols that everyone agreed were minimum MUST HAVEs to even be considered secure.

gweedo
May 05, 2013, 08:00:24 PM
 #4

Maybe I can license you some of the programs I use behind the scenes to make bitcoind a lot more secure on a stock bitcoind. PM me if interested.