Author

Topic: Aspects of ecommerce based on Bitcoin (Read 1280 times)

legendary
Activity: 2128
Merit: 1073
August 10, 2011, 07:21:50 PM
#18
Please don't tell me that its not possible to limit request to API per IP or per time (and the API should be for registered users only). And if it is busy, it should not affect web UI responses.
I guess you'll have to learn your own lessons when you get DDoS-ed for the first time, quite possibly by malfunctioning simple-minded software, not by intentional hackers.
Don't you know if there have been any tests for speed of bitcoind json responses when there are large amounts of accounts/labels created or should I do tests myself?
You'll have to do it yourselves. But be aware of the multithreaded patches by Joel Katz:

https://bitcointalksearch.org/topic/20-btc-multithreaded-keep-alive-implementation-in-bitcoind-22585
member
Activity: 107
Merit: 10
August 10, 2011, 07:39:40 AM
#17
What is the best way to handle temporary accounts for incoming payments? is there currently way to delete account ?
Accounts in bitcoind are fiction. They are essentially labels on transactions. The default label on the transaction is an empty string thus the default account has name "". Don't worry about deletion now. bitcoind currently doesn't handle properly transactions stalled in the "unconfirmed" state and requires manual fixups. Once this bug is fixed you can then worry about cleaning up stale accounts.
OK. Don't you know if there have been any tests for speed of bitcoind json responses when there are large amounts of accounts/labels created or should I do tests myself?
member
Activity: 107
Merit: 10
August 10, 2011, 07:32:25 AM
#16
Actually unavailability of Mt.Gox web UI could be solved without any change in their API. Its just that you take different security (and overuse/exploit) measures for each separately.

Please don't tell me that its not possible to limit request to API per IP or per time (and the API should be for registered users only). And if it is busy, it should not affect web UI responses.

Anyway back to original topic - separate c++ daemon looks like the way.
legendary
Activity: 2128
Merit: 1073
August 09, 2011, 11:22:07 PM
#15
What improvement in efficiency should I expect compared to using bitcoind RPC?
JSON-RPC is a really bad choice for a real-time network protocol. Basically its use cannot be distinguished from a Distributed Denial of Service Attack.

Mt.Gox suffers from it: uses JSON-RPC for market information thus when there's more than about several hundreds of users their DDoS protection service kicks in and users cannot trade in real-time any more.

Here's a link to me trying to explain it to the MtGox users:

https://bitcointalksearch.org/topic/m.439514


legendary
Activity: 2128
Merit: 1073
August 09, 2011, 10:19:56 PM
#14
What is the best way to handle temporary accounts for incoming payments? is there currently way to delete account ?
Accounts in bitcoind are fiction. They are essentially labels on transactions. The default label on the transaction is an empty string thus the default account has name "". Don't worry about deletion now. bitcoind currently doesn't handle properly transactions stalled in the "unconfirmed" state and requires manual fixups. Once this bug is fixed you can then worry about cleaning up stale accounts.
member
Activity: 107
Merit: 10
August 09, 2011, 04:57:33 PM
#13
Short term you can implement notification callbacks in the block and transaction verification code. You'll need to employ (or be) a competent C++ programmer.
You mean to deploy independent c++ daemon to search through blocks for transaction statuses?
What improvement in efficiency should I expect compared to using bitcoind RPC?
member
Activity: 107
Merit: 10
August 09, 2011, 04:46:30 PM
#12
Just as we start the service, we'll invite bunch of hackers to audit the system.

Great to hear you are really serious about security.

Quote from: carlos
Question: is there currently way to delete account ?

If you are referring to BitcoinNotify, sure there is. Seek in the profile settings.
Sorry I'm refering to local bitcoind server (wallet) and its official functions:
There are addresses in accounts and you can move addresses between accounts. But I haven't found way to delete account.
newbie
Activity: 58
Merit: 0
August 09, 2011, 04:40:14 PM
#11
Just as we start the service, we'll invite bunch of hackers to audit the system.

Great to hear you are really serious about security.

Quote from: carlos
Question: is there currently way to delete account ?

If you are referring to BitcoinNotify, sure there is. Seek in the profile settings.
member
Activity: 107
Merit: 10
August 09, 2011, 04:35:56 PM
#10

If we are speaking about transaction notifications, there is also a third option, perhaps the easiest one: https://bitcoinnotify.com

Thanks, but we prefer to run our wallet on our own secured NIX based system.

blkmond is great but I like the patch for the bitcoind more Smiley and already have this installed on our system and works great...
The only thing that I need to recompile it when new versions come. I suggest this block notify option should be implemented in official bitcoind.
member
Activity: 107
Merit: 10
August 09, 2011, 04:32:29 PM
#9
I'm currently developing payment gateway and wonder what are experts opinions about architecture of the middleman system on top of bitcoind server wallet.

Your questions does not address the biggest concern here: security. It's extremely hard to properly secure wallet living on the server.

I have already implemented basic wallet service. All fine... Rest assured that my experiences are 12+ years with serverside scripting and our admin is *NIX guru with 10 years experience in IP networks and NIX security.

I'm not type of guy who would accidentaly delete wallet ... or let the password rest unencrypted on filesystem (as we have seen in past). we are prepared to build serious and robust solution... Just as we start the service, we'll invite bunch of hackers to audit the system.

Questions:

What is the best way to handle temporary accounts for incoming payments? is there currently way to delete account ?

What is the best way to listen for incoming transacions? already implemented bitoind functions or bitcoin patch?
member
Activity: 107
Merit: 10
August 09, 2011, 04:29:12 PM
#8
Satoshi client a.k.a. bitcoin a.k.a. bitcoind is not designed to do what you are planning. The design will not change as a matter of policy of the "core development group". This is/was meant to be "peer to peer" project and it frowns on "middlemen" as a matter of ideology. Your long term hope is only in libbitcoin project.
I have come to conclusion that the middle-man is needed in current time because downloading the whole chain is not comfortable for the clients. And its clearly what e.g. mtgox.com, mybitcoin.com (Smiley ) bitomat.pl (Cheesy) do... so any service based on btc needs account management on their site (and this is what is my project about).
Quote
Your worries about saving space are premature. In order to fully participate in the bitcoin economy you'll have to store the whole block chain. Maintaining additional index of interesting transactions will be a pittance in terms of disk space.
I'm sure that bitcoind itself is very efficient in storing transactions and block chain... What I need is to check transaction statuses on incoming payments (confirmations are enough - or is there anything behind that I dont see?).
Quote
To better understand the mindset of this forum may I suggest that you go through the history of my posts (it is 3 pages now) and look into other posts on the threads I replied. I really tried to stick to the technical issues.

Good luck!
I'll dive into it, thanks for help...
hero member
Activity: 588
Merit: 500
August 09, 2011, 02:36:53 PM
#7
Right now you have two options for being notified of a transaction: this patch (requires wallet online) and blkmond (does not require online wallet, but isn't currently stable).

If we are speaking about transaction notifications, there is also a third option, perhaps the easiest one: https://bitcoinnotify.com

(does not require wallet online)

True. But your service is a third party service, something the OP doesn't seem interested in. I could be wrong though.
newbie
Activity: 58
Merit: 0
August 09, 2011, 02:28:41 PM
#6
Right now you have two options for being notified of a transaction: this patch (requires wallet online) and blkmond (does not require online wallet, but isn't currently stable).

If we are speaking about transaction notifications, there is also a third option, perhaps the easiest one: https://bitcoinnotify.com

(does not require wallet online)
hero member
Activity: 588
Merit: 500
August 09, 2011, 02:15:21 PM
#5
Right now you have two options for being notified of a transaction: this patch (requires wallet online) and blkmond (does not require online wallet, but isn't currently stable). I've been working on stabilizing blkmond for some time and hopefully it will be usable soon.
newbie
Activity: 58
Merit: 0
August 09, 2011, 01:21:16 PM
#4
I'm currently developing payment gateway and wonder what are experts opinions about architecture of the middleman system on top of bitcoind server wallet.

Your questions does not address the biggest concern here: security. It's extremely hard to properly secure wallet living on the server.
legendary
Activity: 2128
Merit: 1073
August 09, 2011, 10:16:43 AM
#3
Satoshi client a.k.a. bitcoin a.k.a. bitcoind is not designed to do what you are planning. The design will not change as a matter of policy of the "core development group". This is/was meant to be "peer to peer" project and it frowns on "middlemen" as a matter of ideology. Your long term hope is only in libbitcoin project.

Short term you can implement notification callbacks in the block and transaction verification code. You'll need to employ (or be) a competent C++ programmer.

Your worries about saving space are premature. In order to fully participate in the bitcoin economy you'll have to store the whole block chain. Maintaining additional index of interesting transactions will be a pittance in terms of disk space.

To better understand the mindset of this forum may I suggest that you go through the history of my posts (it is 3 pages now) and look into other posts on the threads I replied. I really tried to stick to the technical issues.

Good luck!
member
Activity: 107
Merit: 10
August 09, 2011, 07:13:03 AM
#2
Please mods, move it to development forum, thx...
member
Activity: 107
Merit: 10
August 08, 2011, 08:10:01 PM
#1
I'm currently developing payment gateway and wonder what are experts opinions about architecture of the middleman system on top of bitcoind server wallet.

From the forum and available wiki I've figured at least two ways to handle separate merchants (or projects) using the same wallet file on server.

First: User has own bitcoin account and for each expected payment new address is created. Server listener then awaits the payment for this particular address and confirms the payment to the merchant. Payment is credited to user bitcoin account.

Second: Aside of own user bitcoin account we create also new unique account for each customer order. This way we can check only the balance of particular account and after balance is confirmed call the merchant's site. Then amount is moved from temporary order account to user's main account.

I wonder what are the bottlenecks and which way to go to handle thousands of users. What are the aspects of scaling handling the listener for the incoming payments. What are best and most efficient commands to use for checking it through bitcoind. Is there way to delete not used accounts to save space?

Thanks alot for any suggestions...
Jump to: