Topic: bitcoind security best practices? (Read 1532 times)

kjj
legendary
Activity: 1302
Merit: 1026
November 15, 2012, 06:45:46 PM
#8
The step about copying the chaining cert to the client is very important.  Without that step, an attacker can man-in-the-middle you.
legendary
Activity: 1652
Merit: 2301
Chief Scientist
November 15, 2012, 02:35:18 PM
#7
Quote
I suppose we don't need to buy certificates for this server-to-server connection; how do we generate the needed files on our own?

See: https://en.bitcoin.it/wiki/Enabling_SSL_on_original_client_daemon
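
The client side of the step discussed in replies #7 and #8 above, as an added example that is not code from any poster or from the bitcoind project: a JSON-RPC client that trusts only the `server.cert` copied from the bitcoind host and fails closed otherwise. The host name, port, credentials and the function names are assumptions made for illustration.

```python
import base64
import http.client
import json
import ssl


def strict_context():
    """TLS client context with an empty trust store."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking.
    # No system or commercial CA is loaded, so nothing is trusted yet.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


def pinned_context(server_cert_path):
    """Trust only the self-signed certificate copied from the bitcoind host."""
    ctx = strict_context()
    # Raises OSError if the copy is missing: the client refuses to connect
    # rather than falling back to an unverified connection.
    ctx.load_verify_locations(cafile=server_cert_path)
    return ctx


def rpc_request(method, params, user, password):
    """Build the JSON-RPC body and HTTP basic-auth headers."""
    body = json.dumps({"jsonrpc": "1.0", "id": 1, "method": method, "params": params})
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return body, {"Authorization": "Basic " + token, "Content-Type": "application/json"}


def rpc_call(host, port, cert_path, user, password, method, params=()):
    """Send one RPC call; a certificate that does not chain to the pinned file aborts the handshake."""
    conn = http.client.HTTPSConnection(host, port, context=pinned_context(cert_path), timeout=10)
    try:
        body, headers = rpc_request(method, list(params), user, password)
        conn.request("POST", "/", body, headers)
        reply = json.loads(conn.getresponse().read())
    finally:
        conn.close()
    if reply.get("error"):
        raise RuntimeError(reply["error"])
    return reply["result"]


if __name__ == "__main__":
    # Constructed values: the certificate needs a subjectAltName matching this host name,
    # because current Python ignores the certificate's common name when checking the host.
    print(rpc_call("bitcoind.internal.example", 8332, "server.cert",
                   "rpcuser-value", "rpcpassword-value", "getbalance"))
```

Bitcoin Core dropped the `-rpcssl` options in version 0.12; the same pinning applies when a TLS proxy or tunnel sits in front of the RPC port.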
full member
Activity: 136
Merit: 100
November 15, 2012, 10:35:13 AM
#6
I see that the bitcoind conf file has an option to use SSL:

 -rpcssl                                  Use OpenSSL (https) for JSON-RPC connections
 -rpcsslcertificatechainfile=  Server certificate file (default: server.cert)
 -rpcsslprivatekeyfile=         Server private key (default: server.pem)
 -rpcsslciphers=                 Acceptable ciphers (default: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH)

I suppose we don't need to buy certificates for this server-to-server connection; how do we generate the needed files on our own?
full member
Activity: 182
Merit: 100
November 06, 2012, 03:49:58 PM
#5
Quote
Use an SSL RPC connection through a secure and restrictive VPN tunnel.

Added a nice ending to the sentence.
full member
Activity: 136
Merit: 100
November 06, 2012, 02:28:50 PM
#4
Sending and receiving.
I've got a dedicated server anyway, so I'm not going to use a VPS for bitcoind.
A VPS or shared hosting I might use for the site.

The wallet will be encrypted. Since commands to bitcoind will be sent from a PHP script on the other server, will we need to transmit the wallet password between the servers?
How is it best to protect the connection between the servers?

I'm going to use an SSL certificate for the site-to-user connection, but I have no experience with backdoor server-to-server communications, nor with the bitcoind protocol, so excuse my newbie questions.
hero member
Activity: 675
Merit: 514
November 06, 2012, 01:33:56 PM
#3
It all depends on what you want to do with your Bitcoind.
Only sending Bitcoins? Or mining?
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
November 06, 2012, 10:03:21 AM
#2
Personally I would not put bitcoind on any VPS - is it such a problem to set up your own computer to do that?
full member
Activity: 136
Merit: 100
November 06, 2012, 09:38:35 AM
#1
I'm thinking of running bitcoind on my dedicated server, where wallet.dat will be stored in a folder not accessible from the internet.
I'll get shared hosting or a VPS for the actual site, but was wondering where to set up the MySQL DB?

I suppose, since the interactions with bitcoind will be only when receiving or sending money, and with the MySQL DB much more often for all sorts of things, it would be better for usability to place it on the frontend?
How do you secure the communication between both servers?
If you have SSL for the communication between the frontend server and the client, can you use the same for the backdoor communication to the dedicated server with bitcoind?

What would you guys do, and what other security precautions do you like to take when using bitcoind and a wallet on a server?