How to securely sign and publish Bitcoin transaction (using Bitcore JS library)?

It's generally a bad practice to have crypto keys in your source code, because often times developers forget about them and then accidentally expose them by commiting their code on github or sharing the it through other means. The solutions is environmental variables, there are plenty of guides of how to use them for Javascript developers, like this one: https://www.twilio.com/blog/2017/08/working-with-environment-variables-in-node-js.html

Quote from: Anonymous Kid on May 04, 2018, 08:51:22 AM

Is this a secure way to sign and publish a transaction or can the node intercept the private key?

What do you mean "intercept private key"? In that example the key is in the code, so your node process obviously knows it. If you are working on backend, then your whole codebase should be perfect and you need to always check the news for potential zero-day vulnerabilities, it's often enough to have just one vulnerability to give attackers full access to your servers and steal everything from hot wallets. This is why Bitcoin services keep most of their funds in cold wallets.

Topic: How to securely sign and publish Bitcoin transaction (using Bitcore JS library)? (Read 179 times)