Bitcoin Forum
Topic: Securing wallet for e-commerce use
giorgiofr
November 05, 2013, 02:08:35 PM
 #1

Suppose I want to run a service on a webserver that not only receives but also sends out BTC, like a gambling or an exchange site.
Now suppose I do not trust any external service for sending out transactions, because e.g. recent events make me feel strongly against relying on third parties.
How would I go about running my bitcoind securely on my own server(s) without fear of being compromised? All I can think of is separating bitcoind from the webserver and running all transaction orders via a locked down gateway, probably with some kind of queue system, but this just makes the attack surface smaller and does not really solve the problem. Something like webserver <--> order DB <--> bitcoind, with the order DB only listening to the one port it needs and requiring encryption + authentication. But I'm not really satisfied with this design.
What are the best practices for this?

Tips: 1MBtY22JBW6bzg8RU4zjYpeaum3jTRJkDe
CIYAM
Ian Knowles - CIYAM Lead Developer


November 05, 2013, 02:13:21 PM
 #2

A "hot wallet" (i.e. one running on a server connected to the internet) is always going to be problematic.

Depending upon your needs you'd be better off having coins put into "cold storage" and signing transactions *offline*, although that may not be suitable due to delays (especially if you process the *offline* transactions manually).

Typically sites like exchanges use a combination of "hot" and "cold" wallets to provide for quick response but with added security (better to only lose say 10% of the BTC due to a hacker than 100%).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
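
The two ideas in this thread, sketched as an added example (not code from either poster): a gateway between the order DB and bitcoind that authenticates and caps each queued withdrawal, plus the hot/cold split from the reply. The key, limits, field names and the use of 10% as a policy setting are assumptions, and no bitcoind call is made.

```python
import hashlib
import hmac
import json
from decimal import Decimal

# Assumed values for illustration; none of them come from the thread.
GATEWAY_KEY = b"constructed-demo-key"   # shared by web server and gateway only
MAX_PER_ORDER = Decimal("0.5")          # BTC allowed per withdrawal
HOT_FRACTION = Decimal("0.10")          # share of total funds kept in the hot wallet


def sign_order(order: dict, key: bytes = GATEWAY_KEY) -> str:
    """Web-server side: MAC over a canonical encoding of the order."""
    body = json.dumps(order, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class PayoutGateway:
    """Sits between the order DB and bitcoind; the only host with wallet access."""

    def __init__(self, hot_balance: Decimal, cold_balance: Decimal):
        self.hot = hot_balance
        self.cold = cold_balance
        self.seen_ids = set()

    def check(self, order: dict, mac: str) -> str:
        """Return 'approve' or a rejection reason for one queued order."""
        if not hmac.compare_digest(sign_order(order), mac):
            return "reject: bad MAC"
        if order["id"] in self.seen_ids:
            return "reject: replayed order id"
        amount = Decimal(order["amount"])
        if amount <= 0 or amount > MAX_PER_ORDER:
            return "reject: amount outside per-order limit"
        if amount > self.hot:
            return "reject: hot wallet cannot cover, needs manual cold refill"
        self.seen_ids.add(order["id"])
        self.hot -= amount  # a real gateway would submit the payment to bitcoind here
        return "approve"

    def sweep_to_cold(self) -> Decimal:
        """Move any excess offline so the hot wallet holds at most HOT_FRACTION."""
        target = (self.hot + self.cold) * HOT_FRACTION
        excess = max(self.hot - target, Decimal("0"))
        self.hot -= excess
        self.cold += excess
        return excess
```

A compromised web server can still queue orders it is able to sign, so the per-order cap and the hot-wallet ceiling are what bound the loss.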