What kind of programmer do I need to make a web wallet?

[karsyla]

Hello,

What kind of programmer do I need in order to create a secure web wallet? (so it could not be hacked easily) Any programmer could do that, or does he have to be a master of blockchain? If a programmer has 7 years of experience in programming, but knows nothing about crypto and blockchain, is he a viable option or not?

What I want to know here, does the guy has to possess some specific knowledge or any advanced programmer could build the code?

[1714928331]

1714928331

[1714928331]

1714928331

[1714928331]

1714928331

[1714928331]

1714928331

[aleksej996]

A programmer needs to understand that private keys should be highly secured and usually web developers don't get involved with private keys or this type of issues. It is very possible that the programmer could make some obvious design flaw if he knows nothing about crypto, but no one can know how he/she will handle it. You obviously need some research, at least, to make a working web wallet in the first place.

No one knows how that person will handle it, but some additional understanding will have to be acquired.

[DannyHamilton]

Hello,

What kind of programmer do I need in order to create a secure web wallet? (so it could not be hacked easily) Any programmer could do that, or does he have to be a master of blockchain? If a programmer has 7 years of experience in programming, but knows nothing about crypto and blockchain, is he a viable option or not?

If he "knows nothing about crypto and blockchain", then there would be a risk that he would not know how to protect against mistakes that could lead to a loss of funds.  It is possible that he could learn, but his lack of experience would be a concern.

What I want to know here, does the guy has to possess some specific knowledge or any advanced programmer could build the code?

Knowledge of cryptography and what risks exist would be important if you want it to actually be secure.

I'm not sure what you mean by "web wallet", but anything that I'd call a "web wallet" I would never consider to be "secure".

[nibor]

A developer with a big team of security experts, a team to ensure segregation of duties etc....

Every Tom, Dick and Harry (including the people hosting your site, cleaning your office, working for you) will be trying to hack in...

Don't even think of doing it in your bedroom on your own - many have tried - had a nightmare and failed. Then been worried about the police coming knocking as everyone assumes you were not hacked - but that you stole it and pretended you were hacked!

[karsyla]

Knowledge of cryptography and what risks exist would be important if you want it to actually be secure.

I'm not sure what you mean by "web wallet", but anything that I'd call a "web wallet" I would never consider to be "secure".

I know web wallets are never perfectly secured, but there are lots of them and they still are able to survive.
What I would like to get set up, is a simple bitcoin exchange, and the first step to that is a wallet. A simple web wallet with some individual modifications (every transactions gets new address etc.), which would enable bitcoin transactions.

So, what programming language a programmer must know in order to set up a 'base' of this exchange/wallet?
I am not talking about putting it in a web here, I would even say a web developer, since I believe it is a pure programming.
I would have one guy to set up this foundation of the system itself (the wallet) and another guy putting it on the web and doing the interface etc.

[karsyla]

A developer with a big team of security experts, a team to ensure segregation of duties etc....

Every Tom, Dick and Harry (including the people hosting your site, cleaning your office, working for you) will be trying to hack in...

Don't even think of doing it in your bedroom on your own - many have tried - had a nightmare and failed. Then been worried about the police coming knocking as everyone assumes you were not hacked - but that you stole it and pretended you were hacked!

Believe me, I will not do it myself, because I am not a programmer. Believe me how I wish I could do it myself though...

[valucash]

Why go through all the trouble?, look for a good opensource web wallet and customize it, you are good to go.

[suzanne5223]

The kind of programmer you need will be someone who is good in security aspect and must understand how the block chain/crypto currency network work. However, the place to find what you're looking for is github.

[J.Werner]

how many a secure web wallet do not create, still there is someone who can hack it...

[mensa84]

Hello,

What kind of programmer do I need in order to create a secure web wallet? (so it could not be hacked easily) Any programmer could do that, or does he have to be a master of blockchain? If a programmer has 7 years of experience in programming, but knows nothing about crypto and blockchain, is he a viable option or not?

What I want to know here, does the guy has to possess some specific knowledge or any advanced programmer could build the code?

For webwallet need know:
-> php or python
-> mysql

For cold wallet
-> it is necessary to understand api (ex. qt wallet api)
-> unix

You need to use two different servers
-> First server = web wallet
-> Second server = cold wallet

[YIY Company]

html + css + js + node.js/python/php + SQL/mongoDB + react/angular/vue

[bob123]

A programmer should not only be able to code some stuff, he should understand what he is doing.
You need a programmer who has experience in designing blockchain-applications.
On top of that you need a programmer who understands what "Security by Design" means. Not just a self-taught wannabe coder.
There is a lot of stuff going on in the web. Standing still in this business is regression.
You should rather pay a good fee to a good programmer if you want to have a good product in the end.

[CryptoSpark]

You need to understand many areas to be able to develop a safe web wallet.

> Infrastructure including setting up WAF's, hardened servers and placing sensitive components on servers behind multiple layers of security from Network Security Groups that restrict access to DMZ's. You can't just stick keys and services on a server near to the Internet, there has to be layers of security providing defence in depth. Assume your server will be attacked by the best hackers out there and then add even more security.

> For the front end itself you can use any technology you like as long as its used well. Javascript, .NET web applications, whatever takes your fancy.

> Again, don't do anything crypto on the web server, be very paranoid and consider those encryption to be the most precious object in the world.

> Then when you're 100% sure that you're security is tight, pen test it to pieces and run plenty of vulnerability scans.


But to answer your question, use whatever web technology you are most comfy with because it's more about understanding the risks and strengths of the technology. I'd rather an experienced php developer write an app in php than to try to write one in .NET just because .NET has a better reputation in terms of security.

[BenOnceAgain]

Deploying a web wallet for cryptocurrency, especially Bitcoin, is basically painting a huge "HACK ME" sign on your entire infrastructure -- websites, DNS, email, backend, telephones, ISP, physical location, etc.  Even your social media and marketing needs to be resilient -- phishing attacks have occurred.

Strong security audits of infrastructure and codebase are essential to do prior to launch and on an ongoing basis.  Appropriate policies and procedures for back office functions are also essential to ensuring that your employees or team members do not succumb to temptation.  Basically you should extend a "trustless" model to your entire operation with multiple layers of fail safe measures.  And careful audits/monitoring during operations.

Think about it... what measures would you want a web wallet to take to protect YOUR BTC?  What measures would you want your bank to take to protect your fiat?

That's where you start.  And you have to keep track of vulnerabilities because they're discovered all the time in all manner of the software you'd need for a web stack.

Etc, etc, etc.  Banks keep money in vaults.  You need to build the digital equivalent of a vault to extend over your entire operation.

[matthewcampbell]

Hello,

What kind of programmer do I need in order to create a secure web wallet? (so it could not be hacked easily) Any programmer could do that, or does he have to be a master of blockchain? If a programmer has 7 years of experience in programming, but knows nothing about crypto and blockchain, is he a viable option or not?

What I want to know here, does the guy has to possess some specific knowledge or any advanced programmer could build the code?

It is not hard to make a web wallet. The hard part is understanding security. So browser based attacks like XSS and what not. If you haven't been coding in industry for a long time, I think you should avoid doing this. Last thing we need is another insecure wallet or exchange that gets hacked.