
Topic: [Idea/Announce] Bitcoind Proxy (Read 4261 times)

legendary
Activity: 1498
Merit: 1000
November 21, 2012, 10:57:57 PM
#8
Quick Update 11/21/2012
I just wanted to leave the exact features of the proxy. This will not be a full list, just cause I want to leave some things for the launch.
Features
  • Signature and secret hash that signs the method calls, so no random calls (signature contains a little more information to calculate)
  • Whitelist and blacklist of IP addresses, if none is supplied it defaults to whitelisting 127.0.0.1 AKA localhost which also blacklists every other IP Address
  • Logs are separated into three different logs (error.log, transaction.log, commands.log). The first log, error.log, only contains the errors; the second log, transaction.log, only contains entries of payments (no amounts or bitcoin addresses, just IP and the command of making the payment); the third log is every command and the IP that accessed
  • Once the configuration file is opened by the proxy, it will encrypt the file
  • Tag IPs with certain accounts on the bitcoind for better separation

So those are the big features; there are some other features that are quite useful, but they will be revealed at launch.
legendary
Activity: 1498
Merit: 1000
November 16, 2012, 11:52:52 PM
#6
So basically you're saying I could run a website that doesn’t need to have the bitcoind credentials in the *Insert language here* to communicate with bitcoind; instead, with your work/software, it talks to Java, which generates a one-time sha1 password to proxy the data through an encrypted channel?

Just trying to think of field uses for this, thanks!

I def see your interest cause then your bitcoin financial web development kit would be less used if I was to release this. This would be for big websites. So basically I wanted this to handle more than the frontend should. So you basically use a curl post method with a signed encryption using a combination of things to come up with the hash, which will be changed since I can do that better, even if I don't release. So you don't have to worry about locking the wallet, also a scheduler so I can do send commands when I feel like it. Just a bunch of tools that are useful that take the load off the frontend and cron jobs.

I'm not worried about competition, I encourage it (especially in Bitcoin's state as far as development tools availability goes). I was confused about some "use" cases for your project, thanks for clearing it up gweedo. Can't wait to see what you got under the hood, Cheers!

Well, the competition would be more in security-centric designs, where you are clearly going for ease of use of the API in PHP, so it would be minimal, but thanks!
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
November 17, 2012, 01:13:38 AM
#5
So basically you're saying I could run a website that doesn’t need to have the bitcoind credentials in the *Insert language here* to communicate with bitcoind; instead, with your work/software, it talks to Java, which generates a one-time sha1 password to proxy the data through an encrypted channel?

Just trying to think of field uses for this, thanks!

I def see your interest cause then your bitcoin financial web development kit would be less used if I was to release this. This would be for big websites. So basically I wanted this to handle more than the frontend should. So you basically use a curl post method with a signed encryption using a combination of things to come up with the hash, which will be changed since I can do that better, even if I don't release. So you don't have to worry about locking the wallet, also a scheduler so I can do send commands when I feel like it. Just a bunch of tools that are useful that take the load off the frontend and cron jobs.

I'm not worried about competition, I encourage it (especially in Bitcoin's state as far as development tools availability goes). I was confused about some "use" cases for your project, thanks for clearing it up gweedo. Can't wait to see what you got under the hood, Cheers!

Well, the competition would be more in security-centric designs, where you are clearly going for ease of use of the API in PHP, so it would be minimal, but thanks!
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
November 16, 2012, 09:58:08 PM
#4
So basically you're saying I could run a website that doesn’t need to have the bitcoind credentials in the *Insert language here* to communicate with bitcoind; instead, with your work/software, it talks to Java, which generates a one-time sha1 password to proxy the data through an encrypted channel?

Just trying to think of field uses for this, thanks!

I def see your interest cause then your bitcoin financial web development kit would be less used if I was to release this. This would be for big websites. So basically I wanted this to handle more than the frontend should. So you basically use a curl post method with a signed encryption using a combination of things to come up with the hash, which will be changed since I can do that better, even if I don't release. So you don't have to worry about locking the wallet, also a scheduler so I can do send commands when I feel like it. Just a bunch of tools that are useful that take the load off the frontend and cron jobs.

I'm not worried about competition, I encourage it (especially in Bitcoin's state as far as development tools availability goes). I was confused about some "use" cases for your project, thanks for clearing it up gweedo. Can't wait to see what you got under the hood, Cheers!
hero member
Activity: 532
Merit: 500
November 16, 2012, 03:00:01 PM
#3
Very very interesting! If you do release it, I'll have to take a peek!
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
November 16, 2012, 03:30:02 AM
#2
So basically you're saying I could run a website that doesn’t need to have the bitcoind credentials in the *Insert language here* to communicate with bitcoind; instead, with your work/software, it talks to Java, which generates a one-time sha1 password to proxy the data through an encrypted channel?

Just trying to think of field uses for this, thanks!
legendary
Activity: 1498
Merit: 1000
November 13, 2012, 02:47:39 PM
#1
I recently posted in a security about how I handle security for my bitcoind. I actually built a "proxy" which is written in Java with a couple of PHP cron jobs. A couple people PMed me about releasing it or them scoring a copy. I never thought I would release it, so it is kinda hacky, but it got me thinking: if enough people want it to be released, I can clean it up (which is making it more modular and no PHP cron jobs) and give it out.

So basically how it works is that you have your bitcoind running on the same server as this proxy, which connects to it (as of now it only connects on a certain port I use and only looks for the localhost; this would have to be changed). The proxy is built on top of Jetty, giving you a web server without having to run Apache. I wrote it cause security isn't that great with bitcoind, but this extends that. First, it eliminates all GET methods and every method is passed through as a POST. It also eliminates having to connect to your bitcoind, so no username or passwords in your actual code (I am actually considering, if this is on the same server, that it will read the bitcoin.conf file for that information). It employs whitelisted IPs and signing each command to the proxy (right now it is just a SHA-1 (probably changing) hash of the method with a secret token that is generated and passed). It also allows you to blacklist IPs; I never used it but it is there. It also allows time-sensitive commands, so basically it would write that to MySQL and a PHP cron job would pick up on that; if I decided to release, that would be written in Java, and no output of that. It also logs every transaction so you can see what was done at what time (it logs the IP of the server that accesses the proxy and the method that was called).

This would not be done overnight, it would take a while actually, cause it was first written as a set of PHP scripts, then I needed it more robust, so I've been slowly converting it into a Java program.

Leave questions, comments, and feature requests...
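
The request gate this thread describes (blacklist, whitelist defaulting to localhost, signed method calls), sketched as an added example; it is not part of any post and is not the proxy author's code. It swaps in HMAC-SHA256 over the method, parameters, a timestamp and a nonce in place of the SHA-1 of method plus secret mentioned in the first post, so a captured request cannot be replayed or have its parameters changed. The field names, the method subset, the 30-second window and the `ProxyGate` class are assumptions.

```python
import hashlib, hmac, ipaddress, json, time

ALLOWED_METHODS = {"getbalance", "getnewaddress", "sendtoaddress"}  # assumed subset
MAX_SKEW = 30  # seconds a signed request stays valid (assumed value)

def sign(secret: bytes, method: str, params: list, ts: int, nonce: str) -> str:
    # Canonical JSON so both sides hash identical bytes; params are covered too.
    msg = json.dumps([method, params, ts, nonce], separators=(",", ":")).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class ProxyGate:
    def __init__(self, secret: bytes, whitelist=None, blacklist=None):
        self.secret = secret
        # No whitelist supplied: only localhost passes, every other IP is refused.
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist or ["127.0.0.1"]]
        self.blacklist = [ipaddress.ip_network(n) for n in blacklist or []]
        self.seen = {}  # nonce -> time after which it can be forgotten

    def check(self, ip: str, req: dict, now=None) -> str:
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.blacklist):
            return "deny: blacklisted ip"
        if not any(addr in net for net in self.whitelist):
            return "deny: ip not whitelisted"
        try:
            method, params = str(req["method"]), req["params"]
            ts, nonce, sig = int(req["ts"]), str(req["nonce"]), str(req["sig"])
        except (KeyError, TypeError, ValueError):
            return "deny: malformed request"
        if method not in ALLOWED_METHODS:
            return "deny: method not allowed"
        if abs(now - ts) > MAX_SKEW:
            return "deny: stale timestamp"
        expected = sign(self.secret, method, params, ts, nonce)
        # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
        if not hmac.compare_digest(expected.encode(), sig.encode("utf-8", "replace")):
            return "deny: bad signature"
        self.seen = {n: t for n, t in self.seen.items() if t > now}
        if nonce in self.seen:
            return "deny: replayed nonce"
        self.seen[nonce] = now + 2 * MAX_SKEW
        return "allow"
```

The nonce store here is an in-memory dict, so it only protects a single proxy process; the returned reason strings are what would go to the error and command logs rather than back to the caller.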