Author Topic: Securing wallet for e-commerce use  (Read 302 times)
giorgiofr
November 05, 2013, 02:08:35 PM
 #1

Suppose I want to run a service on a webserver that not only receives but also sends out BTC, like a gambling or an exchange site.
Now suppose I do not trust any external service for sending out transactions, because e.g. recent events make me feel strongly against relying on third parties.
How would I go about running my bitcoind securely on my own server(s) without fear of being compromised? All I can think of is separating bitcoind from the webserver and running all transaction orders via a locked-down gateway, probably with some kind of queue system, but this just makes the attack surface smaller and does not really solve the problem. Something like webserver <--> order DB <--> bitcoind, with the order DB only listening on the one port it needs and requiring encryption + authentication. But I'm not really satisfied with this design.
What are the best practices for this?

Tips: 1MBtY22JBW6bzg8RU4zjYpeaum3jTRJkDe
CIYAM
Ian Knowles - CIYAM Lead Developer


November 05, 2013, 02:13:21 PM
 #2

A "hot wallet" (i.e. one running on a server connected to the internet) is always going to be problematic.

Depending upon your needs you'd be better off having coins put into "cold storage" and signing transactions *offline*, although that may not be suitable due to delays (especially if you process the *offline* transactions manually).

Typically sites like exchanges use a combination of "hot" and "cold" wallets to provide for quick response but with added security (better to only lose say 10% of the BTC due to a hacker than 100%).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
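The gateway between the order DB and bitcoind described in the first post, combined with the hot/cold split from the reply, sketched as an added example that is not code from either poster. The class name, limit values and order fields are assumptions; the MAC only authenticates the queue, so the spending limits are what bound the loss if the webserver itself is compromised.

```python
import hashlib
import hmac
import json
from decimal import Decimal

HOT_FRACTION = Decimal("0.10")   # share of holdings kept hot (the 10% from the reply)
PER_ORDER_MAX = Decimal("0.5")   # assumed policy: largest single payout in BTC
WINDOW_MAX = Decimal("2.0")      # assumed policy: total payouts per rolling window
WINDOW_SECONDS = 3600

def sign_order(key: bytes, order: dict) -> str:
    """MAC over a canonical encoding of the order, computed by the webserver."""
    msg = json.dumps(order, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class PayoutGateway:
    """Runs beside bitcoind; the webserver can only enqueue orders for review."""

    def __init__(self, key: bytes, hot_balance: str, total_holdings: str):
        self.key = key
        self.hot = Decimal(hot_balance)
        self.total = Decimal(total_holdings)
        self.seen = set()   # order ids already paid (replay protection)
        self.sent = []      # (timestamp, amount) of approved payouts

    def sweep_excess(self) -> Decimal:
        """Amount to move to cold storage so the hot wallet stays at its cap."""
        return max(Decimal(0), self.hot - self.total * HOT_FRACTION)

    def review(self, order: dict, mac: str, now: float) -> str:
        if not hmac.compare_digest(mac, sign_order(self.key, order)):
            return "reject: bad MAC"
        if order["id"] in self.seen:
            return "reject: replay"
        amount = Decimal(order["amount"])
        if amount <= 0 or amount > PER_ORDER_MAX:
            return "reject: per-order limit"
        recent = sum(a for t, a in self.sent if now - t < WINDOW_SECONDS)
        if recent + amount > WINDOW_MAX:
            return "hold: window limit, needs manual review"
        if amount > self.hot:
            return "hold: refill from cold storage"
        # Only here would the order be handed to the wallet for signing.
        self.seen.add(order["id"])
        self.sent.append((now, amount))
        self.hot -= amount
        self.total -= amount
        return "approve"
```

Even with a stolen MAC key, an attacker controlling the webserver can drain at most `WINDOW_MAX` per window before orders are held, and never more than the hot balance.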