I wonder why the bitcoind client is not allowed to check on the balances of any address as this would cure the problem perfectly
The problem is that it scans a block, but doesn't record all addresses, since that is a massive database.
Basically, it watches for any addresses in its wallet when a new block arrives, but ignores any others.
Why do you want to be able to check any address? If you tell the client in advance what ones you are interested in, then that is probably the best way.
It is not so much "any address" it is however addresses that are not in its own wallet.
I am new to bitcoin integration though, so if my ideas of how it works are wrong please do correct me!
(Basically i want 2 wallets; 1 online to allow checking if a payment was made; And 1 offline to store and have the funds sent too.
My logic "thinks" this is the best way to do things, as then if the server is hacked, it would still not be possible to transfer out my shiny bitcoins)
Thanks
Ford
Bitcoind (the daemon for bitcoin) doesn't support watching wallets however you can create one as a workaround.
On secure computer:
1) create a new wallet, expand the keypool for a reasonably large number based on your expected volume for example 1000 keys and encrypt it. This is the spending wallet.
2) Make a backup of the spending wallet and store in a secure place along with a backup of passphrase.
3) Make a COPY of the spending wallet. On the copy change the passphrase to a random long (like 80+ charecters) passphrase. You should NOT record this passphrase anywhere for any reason. Mashing the keyboard should be sufficient entropy. This is the watching wallet.
You now have two wallets:
spending wallet
never put on public webserver
secure backup
known strong passphrase
watching wallet
put on public webserver
has an unknown and impossible to brute force passphrase
Technically the private keys are still on the server but the wallets is always locked, nobody (not even you) knows how to unlock it so if an attacker steals the "watching wallet" the coins are unspendable.
You can now use RPC calls on the watching wallet to get next address from keypool, check on incoming transactions, etc. Eventually the keypool will be exhausted. Since the watching wallet can not unlock it can't refresh the keypool. You will get an error trying to get the next address once keypool is exhausted. At this point you simply need to repeat step 2 above. Your spending wallet will have refreshed the keypool overtime. You can make a new copy, randomly encrypt it, and transfer the copy to the webserver.
