Bitcoin Forum
May 21, 2022, 12:39:56 AM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Hosting Platform Security  (Read 145 times)
LibertyShire
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
May 03, 2018, 12:25:29 PM
 #1

Greetings,

Lets say i developed a web application that sends and receives bitcoin to and from users (such as online store), and then hosted that web application on a hosting service provider. how can i make sure that the hosting Owner / Manager won't compromise / steal key and password information and use it to login to my wallet and send bitcoins to his account  ? after all,  the process of (private key + public key  + ScriptPubKey etc...) is done on their server which could be seen by them!!!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1653093596
Hero Member
*
Offline Offline

Posts: 1653093596

View Profile Personal Message (Offline)

Ignore
1653093596
Reply with quote  #2

1653093596
Report to moderator
1653093596
Hero Member
*
Offline Offline

Posts: 1653093596

View Profile Personal Message (Offline)

Ignore
1653093596
Reply with quote  #2

1653093596
Report to moderator
1653093596
Hero Member
*
Offline Offline

Posts: 1653093596

View Profile Personal Message (Offline)

Ignore
1653093596
Reply with quote  #2

1653093596
Report to moderator
AdolfinWolf
Legendary
*
Offline Offline

Activity: 1918
Merit: 1427


View Profile
May 03, 2018, 12:31:19 PM
 #2

Greetings,

Lets say i developed a web application that sends and receives bitcoin to and from users (such as online store), and then hosted that web application on a hosting service provider. how can i make sure that the hosting Owner / Manager won't compromise / steal key and password information and use it to login to my wallet and send bitcoins to his account  ? after all,  the process of (private key + public key  + ScriptPubKey etc...) is done on their server which could be seen by them!!!

Use a reputable hosting service if you're working with alot of money etc.

A company such as Amazon / DigitalOcean isn't going to risk their entire business/reputation just to steal a couple million from you.

See this as reference. https://stackoverflow.com/questions/7154006/should-i-how-do-i-protect-source-code-from-web-host

There might be a way to encrypt all your data/wallets/ but even if that's possible, it's going to slow everything down and it'll just be a general pain in the a$$.


Alternatively: Host your business yourself.

I'm pretty sure you can buy hardware for servers online pretty easily, then you just have to place them in a datacenter. ( Which shouldn't be too hard if you have a thriving business.)


DannyHamilton
Legendary
*
Offline Offline

Activity: 2800
Merit: 3096



View Profile
May 03, 2018, 02:45:19 PM
Merited by HeRetiK (1), bob123 (1)
 #3

Store only the addresses (or better yet, generate the addresses from an xPub as needed) on the hosted server.  That way the users can send the funds to you without needing any private keys on the hosted server at all.

Have a separate smaller system which is not hosted for sending funds out.  The users can place requests for funds on the hosted server where the requests can be stored.  The non-hosted server can retrieve the requests, run them through a set of sanity checks to make sure nothing unexpected is happening, and then can send out the funds in scheduled batches (reducing transaction costs).

The non-hosted server can be secured behind a firewall allowing NO incoming connections at all, and ONLY allowing the 1 outgoing connection to the hosted server.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!