Topic: [ask] best practices accepting bitcoin for a website with bitcoind
buffett (OP)
January 01, 2014, 03:45:08 PM
 #1

I want to start accepting bitcoin for my website with bitcoind.

My question is, what is the best way to generate a new address for receiving BTC? Should I create a new address and assign it to a new account for every transaction? Or is it better to create a new address assigned to the main account?

Which way is better for security and performance? One account with a ton of addresses, or a ton of accounts with 1 address per account?

And when do I need to perform a backup? After a new address is created? After receiving funds? After sending funds?

Thanks
Kazimir
January 02, 2014, 09:22:16 AM
 #2

1. Do not host your wallet or private keys on your webserver, just addresses.

2. DO NOT HOST YOUR WALLET OR PRIVATE KEYS ON YOUR WEBSERVER, JUST ADDRESSES.

3. Generate your addresses + private keys offline / remotely, i.e. at a different physical location than your webserver, thus allowing your webserver to retrieve new addresses as needed, without exposing access to your private keys anywhere.

4. Use a new address for each payment/order. This way you can always check if a specific payment has been made or a specific order has been paid. With one address per account, you cannot clearly distinguish between payments for different orders.

5. Instead of generating private keys + addresses on the fly, you could pregenerate a few thousand address / private key pairs, and back up those. Back up again whenever creating (and before using) new keys + addresses and increase volume as needed.

6. On the webserver end, just back up your order/payment/account database just like you would now. Before or after receiving doesn't matter, that is already backed up in the blockchain :) And before or after sending funds does not apply here, as per rules 1 and 2.

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
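
The webserver side of points 3 to 5 above, as an added example that is not part of Kazimir's post: the server stores only addresses imported from the offline machine, binds exactly one to each order, and reports when the pool needs a refill. The table layout, function names and low-watermark value are assumptions, and the addresses are constructed placeholders.

```python
import sqlite3

LOW_WATERMARK = 2  # assumed threshold for requesting a new batch from the offline machine

def open_pool(path=":memory:"):
    # isolation_level=None: transactions are controlled explicitly below.
    db = sqlite3.connect(path, isolation_level=None)
    db.execute("CREATE TABLE IF NOT EXISTS pool ("
               "address TEXT PRIMARY KEY, order_id TEXT UNIQUE)")
    return db

def load_addresses(db, addresses):
    """Import addresses only (never private keys); returns how many were new."""
    before = db.execute("SELECT COUNT(*) FROM pool").fetchone()[0]
    db.executemany("INSERT OR IGNORE INTO pool(address) VALUES (?)",
                   [(a,) for a in addresses])
    return db.execute("SELECT COUNT(*) FROM pool").fetchone()[0] - before

def remaining(db):
    return db.execute(
        "SELECT COUNT(*) FROM pool WHERE order_id IS NULL").fetchone()[0]

def needs_refill(db):
    return remaining(db) <= LOW_WATERMARK

def address_for_order(db, order_id):
    """Return the address bound to order_id, claiming an unused one on first call."""
    db.execute("BEGIN IMMEDIATE")  # write lock: two requests cannot claim the same row
    try:
        row = db.execute("SELECT address FROM pool WHERE order_id = ?",
                         (order_id,)).fetchone()
        if row is None:
            row = db.execute("SELECT address FROM pool WHERE order_id IS NULL "
                             "ORDER BY rowid LIMIT 1").fetchone()
            if row is None:
                raise RuntimeError("address pool exhausted")
            db.execute("UPDATE pool SET order_id = ? WHERE address = ?",
                       (order_id, row[0]))
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise
    return row[0]

if __name__ == "__main__":
    db = open_pool()
    load_addresses(db, ["ADDR_PLACEHOLDER_1", "ADDR_PLACEHOLDER_2"])  # constructed
    print(address_for_order(db, "order-1001"), needs_refill(db))
```
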
davout
January 02, 2014, 09:23:30 AM
 #3

What's best for security and performance is to not use bitcoind at all.
Generate your addresses deterministically instead, dem libs are out there.

buffett (OP)
January 02, 2014, 12:22:06 PM
 #4

> What's best for security and performance is to not use bitcoind at all.
> Generate your addresses deterministically instead, dem libs are out there.

How do I check incoming transfers then?
davout
January 02, 2014, 01:13:45 PM
 #5

> How do I check incoming transfers then?

You need to monitor the addresses on which you are expecting payments.
This can be achieved in a variety of ways, blockchain has an API, you could plug in to an electrum server, do some polling, it really depends on your use case.
Another suggestion: don't allow addresses to be valid permanently if possible, tell your users the addresses have a finite lifetime, so you can rotate the master public seeds regularly.

coinrevo
January 02, 2014, 01:25:08 PM
 #6

What are the standard packages used for this? I've spent some time with the python-bitcoin RPC and libbitcoin which is somewhat more "user friendly".
buffett (OP)
January 02, 2014, 02:26:12 PM
 #7

> > How do I check incoming transfers then?
>
> You need to monitor the addresses on which you are expecting payments.
> This can be achieved in a variety of ways, blockchain has an API, you could plug in to an electrum server, do some polling, it really depends on your use case.
> Another suggestion: don't allow addresses to be valid permanently if possible, tell your users the addresses have a finite lifetime, so you can rotate the master public seeds regularly.

The blockchain receive payment API is very slow and ugly.

What is the best way to monitor a ton of addresses without hosting the wallet on the same server?

If bitcoind is hosted, it is very easy to just call the RPC request: listtransactions "*" 1000

And why an electrum server? What are the differences compared to bitcoind?

Thanks
kostagr33k
January 04, 2014, 05:30:38 AM
 #8

This post may help you find a way to monitor transactions. However, you would need to know all the addresses you want to monitor, unlike with bitcoind running your wallet for monitoring:

http://bitcoin.stackexchange.com/questions/4601/how-can-i-read-information-from-the-blockchain


Would be interested in knowing which method you choose and how it goes!


Kosta
davout
January 04, 2014, 12:38:48 PM
 #9

> you would need to know all addresses you want to monitor

That's a good practice, with unexpiring addresses you monitor a constantly growing set.
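
One way to implement the monitoring davout describes in #5 and #9, as an added example that is not part of any post: each order watches one known address with an expiry, and records shaped like entries from bitcoind's listtransactions (address, category, amount, confirmations, time, txid) are matched against that set. The three-confirmation threshold, the status names and the sample data are assumptions.

```python
from decimal import Decimal

MIN_CONF = 3  # assumed confirmation policy, not from the thread

def to_satoshi(btc):
    # Go through str() so a JSON float such as 0.1 does not pick up binary error.
    return int((Decimal(str(btc)) * 100_000_000).to_integral_value())

def reconcile(watch, txs, now, min_conf=MIN_CONF):
    """watch maps address -> {"order", "due" (satoshi), "expires" (unix time)}.
    Returns ({order: status}, [txids needing manual review])."""
    confirmed = dict.fromkeys(watch, 0)
    pending = dict.fromkeys(watch, 0)
    review = []
    for tx in txs:
        if tx["category"] != "receive":
            continue
        entry = watch.get(tx["address"])
        if entry is None or tx["time"] > entry["expires"]:
            review.append(tx["txid"])  # unknown address, or paid after expiry
            continue
        bucket = confirmed if tx["confirmations"] >= min_conf else pending
        bucket[tx["address"]] += to_satoshi(tx["amount"])
    status = {}
    for addr, e in watch.items():
        seen = confirmed[addr] + pending[addr]
        if confirmed[addr] >= e["due"]:
            s = "paid"
        elif seen >= e["due"]:
            s = "pending"
        elif now > e["expires"]:
            s = "expired"
        else:
            s = "underpaid" if seen else "waiting"
        status[e["order"]] = s
    return status, review

def prune(watch, status):
    """Stop watching addresses whose order is paid or expired."""
    return {a: e for a, e in watch.items()
            if status[e["order"]] not in ("paid", "expired")}

# Constructed sample data; addresses and txids are placeholders.
WATCH = {"ADDR_A": {"order": "o1", "due": 10_000_000, "expires": 2000},
         "ADDR_C": {"order": "o3", "due": 5_000_000, "expires": 500}}
TXS = [{"txid": "t1", "address": "ADDR_A", "category": "receive",
        "amount": 0.1, "confirmations": 6, "time": 900},
       {"txid": "t3", "address": "ADDR_C", "category": "receive",
        "amount": 0.05, "confirmations": 6, "time": 800}]
```

Payments that arrive after expiry or to an address outside the watched set are routed to manual review instead of being credited automatically.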

Altoidnerd
January 18, 2014, 03:29:11 AM
 #10

Just to be clear, is this a discussion of best practices for a website wishing to accept bitcoin payments specifically WITHOUT the use of a payment processing service such as bitpay or coinbase?

Do you even mine?
http://altoidnerd.com 
12gKRdrz7yy7erg5apUvSRGemypTUvBRuJ