
Topic: bitcoind json rpc client question (Read 997 times)

legendary
Activity: 1498
Merit: 1000
November 10, 2012, 08:21:18 PM
#12
OK, straight up, the reasons you have two different physical servers:
  • One, nmap script kiddies will never see your bitcoind running
  • If the full front box is compromised you should be able to have red flags sent to your email, giving you enough time to take the bitcoind offline
  • Filter out certain requests using the firewall and iptables
legendary
Activity: 1498
Merit: 1000
November 10, 2012, 07:52:43 PM
#10
you mean "time limited" so that only so many send commands can be sent in a limited amount of time?

Time sensitive, which means a signed command can only execute in a certain time frame. What you just described is a rate limit, which I don't impose, 'cause signing a command is kinda a rate limit in itself.

Do you also limit the amounts that can be sent via rpc?

Kinda what the proxy does: it takes a command, puts it into a database which is then pulled, the command is checked, then executed. Again this is a rate limit.

Your logic about the bitcoind box only being accessible from the web app box is not really a security feature as the attacker who compromised the web box, can still access the bitcoind box.

No one is telling you have to do security, but I have a track record of no coins stolen and there have been attempts where the attacker has had full control of the frontend box, but has never gotten the coins. So that speaks for itself.
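The time-window check on signed commands described in post #10, as an added example that is not part of the thread and not the poster's code. It assumes HMAC-SHA256 with a shared key, a 60-second window, a nonce to reject replays, and a per-command amount ceiling; the thread specifies none of these.

```python
import hashlib
import hmac
import json

# All values below are assumptions for illustration, not taken from the thread.
SECRET = b"constructed-demo-key"      # shared by the signer and the bitcoind-side checker
MAX_AGE_SECONDS = 60                  # how long a signed command stays valid
MAX_AMOUNT_BTC = 5.0                  # ceiling per command
ALLOWED_METHODS = {"sendfrom", "move", "getbalance"}


def _mac(body, key):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def sign_command(method, params, issued_at, nonce, key=SECRET):
    """Serialise the command canonically and attach a MAC over the exact bytes."""
    body = json.dumps(
        {"method": method, "params": params, "ts": issued_at, "nonce": nonce},
        sort_keys=True, separators=(",", ":"),
    )
    return {"body": body, "sig": _mac(body, key)}


def check_command(envelope, now, seen_nonces, key=SECRET):
    """Run on the bitcoind side before anything is passed to the RPC interface."""
    sig = str(envelope.get("sig", ""))
    # Verify the MAC before parsing, so unauthenticated JSON is never interpreted.
    if not hmac.compare_digest(_mac(envelope["body"], key), sig):
        return "reject: bad signature"
    cmd = json.loads(envelope["body"])
    # Time-sensitive: the command is only valid inside the window.
    if not (0 <= now - cmd["ts"] <= MAX_AGE_SECONDS):
        return "reject: outside time window"
    # A captured command must not run twice inside the window.
    if cmd["nonce"] in seen_nonces:
        return "reject: replay"
    if cmd["method"] not in ALLOWED_METHODS:
        return "reject: method not allowed"
    # sendfrom(account, address, amount) and move(from, to, amount): amount is params[2].
    if cmd["method"] in ("sendfrom", "move") and float(cmd["params"][2]) > MAX_AMOUNT_BTC:
        return "reject: amount over limit"
    seen_nonces.add(cmd["nonce"])
    return "accept"
```

In a real deployment `seen_nonces` would live in the proxy's database and entries older than the window could be pruned.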
BCB
vip
Activity: 1078
Merit: 1002
BCJ
November 10, 2012, 07:59:23 PM
#8
I'm not questioning your ability. I'm trying to have a discussion about bitcoin security, which is not a bad conversation to be having. I just don't see the security benefit of separating front end web service and back end bitcoind on two boxes and thought you might have some insight.

I do think dedicated, physical servers, locked cages, hardware security device for private keys and cold storage, with multiple encrypted back up for 90% of any coin over a certain level is the best practice for significant amounts of coin regardless of the number of boxes you are running.

Thanks.



BCB
vip
Activity: 1078
Merit: 1002
BCJ
November 10, 2012, 07:37:22 PM
#7
you mean "time limited" so that only so many send commands can be sent in a limited amount of time?

Do you also limit the amounts that can be sent via rpc?

Your logic about the bitcoind box only being accessible from the web app box is not really a security feature as the attacker who compromised the web box, can still access the bitcoind box.
BCB
vip
Activity: 1078
Merit: 1002
BCJ
November 10, 2012, 06:50:19 PM
#6
gweedo,

Could you explain how web app on one box and bitcoind on another box increases security?

If the web app box is compromised, attacker still has full access to the bitcoind through rpc?
newbie
Activity: 10
Merit: 0
November 10, 2012, 06:44:32 AM
#5
are you using rpc on the same box or a remote box?
it's running on the same machine.

are you setting the time to lock on walletpassphrase long enough?

the wallet isn't encrypted.

thanks for your reply.
BCB
vip
Activity: 1078
Merit: 1002
BCJ
November 09, 2012, 09:57:14 PM
#4
thanks for your reply. strange i get "failed to open http request" when i do this. strange thing is when i execute the send from after some moments it works. and get balance shows the amount properly.

are you using rpc on the same box or a remote box?

are you setting the time to lock on walletpassphrase long enough?
newbie
Activity: 10
Merit: 0
November 09, 2012, 09:48:49 PM
#3
thanks for your reply. strange i get "failed to open http request" when i do this. strange thing is when i execute the send from after some moments it works. and get balance shows the amount properly.
BCB
vip
Activity: 1078
Merit: 1002
BCJ
November 09, 2012, 09:45:03 PM
#2
what does getbalance say?

EDIT: Move within the same bitcoind should be instant.
newbie
Activity: 10
Merit: 0
November 09, 2012, 09:42:45 PM
#1
hi, i'm new at bitcoins and i have a question about json rpc and bitcoind. how long does it take to move coins from one account to another? e.g. if i have the accounts a with a balance of 10 btc and b with a balance of 0 btc and i first execute the command move(a,b,10) and then sendfrom (b,xxx,10) i get an insufficient funds error. how long does it take until the coins are available for sending in account b?

thanks for your answers
crow