Author

Topic: Hosting Platform Security (Read 211 times)

legendary
Activity: 3472
Merit: 4801
May 03, 2018, 09:45:19 AM
#3
Store only the addresses (or better yet, generate the addresses from an xPub as needed) on the hosted server.  That way the users can send the funds to you without needing any private keys on the hosted server at all.

Have a separate smaller system which is not hosted for sending funds out.  The users can place requests for funds on the hosted server where the requests can be stored.  The non-hosted server can retrieve the requests, run them through a set of sanity checks to make sure nothing unexpected is happening, and then can send out the funds in scheduled batches (reducing transaction costs).

The non-hosted server can be secured behind a firewall allowing NO incoming connections at all, and ONLY allowing the 1 outgoing connection to the hosted server.
legendary
Activity: 1946
Merit: 1427
May 03, 2018, 07:31:19 AM
#2
Greetings,

Lets say i developed a web application that sends and receives bitcoin to and from users (such as online store), and then hosted that web application on a hosting service provider. how can i make sure that the hosting Owner / Manager won't compromise / steal key and password information and use it to login to my wallet and send bitcoins to his account  ? after all,  the process of (private key + public key  + ScriptPubKey etc...) is done on their server which could be seen by them!!!

Use a reputable hosting service if you're working with alot of money etc.

A company such as Amazon / DigitalOcean isn't going to risk their entire business/reputation just to steal a couple million from you.

See this as reference. https://stackoverflow.com/questions/7154006/should-i-how-do-i-protect-source-code-from-web-host

There might be a way to encrypt all your data/wallets/ but even if that's possible, it's going to slow everything down and it'll just be a general pain in the a$$.


Alternatively: Host your business yourself.

I'm pretty sure you can buy hardware for servers online pretty easily, then you just have to place them in a datacenter. ( Which shouldn't be too hard if you have a thriving business.)

newbie
Activity: 22
Merit: 0
May 03, 2018, 07:25:29 AM
#1
Greetings,

Lets say i developed a web application that sends and receives bitcoin to and from users (such as online store), and then hosted that web application on a hosting service provider. how can i make sure that the hosting Owner / Manager won't compromise / steal key and password information and use it to login to my wallet and send bitcoins to his account  ? after all,  the process of (private key + public key  + ScriptPubKey etc...) is done on their server which could be seen by them!!!
Jump to: