Topic: Is it really necessary to keep bitcoind on separate server? (Read 2228 times)
At the end of the day, if you know where your single point of failure/entry is, it is that point that you should secure to whatever degree is feasible in your situation. Web servers unfortunately have tons of attack vectors available.
If hacker takes control of your web-server, he can send rpc request to your bitcoin server or prepare data for pick up from 'locked down' server.
The best way - to secure your web server. Use encrypted disks for sensitive data like db, bitcoin configs and wallets. Unmount disks, lock wallet on any unautorized access to the server. Send rpc request from dedicated user, not from www.
The best way - to secure your web server. Use encrypted disks for sensitive data like db, bitcoin configs and wallets. Unmount disks, lock wallet on any unautorized access to the server. Send rpc request from dedicated user, not from www.
i dont see a problem with having them on the same machine as long as that server does not control any funds.
any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
No need, the machine can be encrypted, or even just the wallet encrypted and unlocked when it has to send out funds. And only use https calls to get data so that the host can't find clues in the traffic.
This is bad advice (except the https part).
notme has given you good advice if you want your funds to be safer. I won't repeat what he said, but his advice is sound. (You should also be concerned about using a VPN, bitcoins have been reportedly stolen from them even with good security, by ISP employees.)
i dont see a problem with having them on the same machine as long as that server does not control any funds.
any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
No need, the machine can be encrypted, or even just the wallet encrypted and unlocked when it has to send out funds. And only use https calls to get data so that the host can't find clues in the traffic.
You shouldn't have your web server rpc call to bitcoind.
I need my web application to generate keypairs. I could also generate them via PHP, but importing the private key to bitcoind is a pain in the ass (makes bitcoind unresponsible for minutes).
My bitcoind server is a laptop running in my basement.
You can solve this problem in the same way - your bitcoin server checks the task "create new keypair" and if it is exists - proceed it.
Your solution is OK too, if you satisfied how it works.
You shouldn't have your web server rpc call to bitcoind.
I need my web application to generate keypairs. I could also generate them via PHP, but importing the private key to bitcoind is a pain in the ass (makes bitcoind unresponsible for minutes).
My bitcoind server is a laptop running in my basement.
Quote
bitcoin server which has an empty wallet -> same server
bitcoin server which has access to money -> another server which YOU host yourself
bitcoin server which has access to money -> another server which YOU host yourself
but how to make automatically payouts ?
Quote
Bitcoind should be on a locked down server that only allows outgoing connections to the database so it can ask the database what needs to be sent and allow it connect to a single bitcoind instance you control that is only used to broadcast transactions.
good idea. At least attacker will not get direct access to wallet.dat or send RPC call to spend all available coins.
Subject.
Imagine, that there is web-server and bicoin-server.
What if hacker will get access to web-server and make RPC call to bitcoind server and send coins to his address?
In this case no reason to have separate bitcoin-server for this. Or I missed something.
Imagine, that there is web-server and bicoin-server.
What if hacker will get access to web-server and make RPC call to bitcoind server and send coins to his address?
In this case no reason to have separate bitcoin-server for this. Or I missed something.
You shouldn't have your web server rpc call to bitcoind. Bitcoind should be on a locked down server that only allows outgoing connections to the database so it can ask the database what needs to be sent and allow it connect to a single bitcoind instance you control that is only used to broadcast transactions. Of course, you should design it in such a way that an attacker would have to spend significant time understanding your built in checks before they are able to fake records without tripping up your automated integrity checks. If an integrity check does fail, immediately send all funds to a cold wallet and cease operations until a human can check it out. Even with all that, most funds should be kept offline and only made available to the bitcoind server when it's supply runs low.
i dont see a problem with having them on the same machine as long as that server does not control any funds.
any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
I dont understand you
In first sentence you say that there is no problem to keep bitcoin server and web server on the same machine,in the second you say that bitcoin server should be on another network
bitcoin server which has an empty wallet -> same server
bitcoin server which has access to money -> another server which YOU host yourself
i dont see a problem with having them on the same machine as long as that server does not control any funds.
any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
I dont understand you
In first sentence you say that there is no problem to keep bitcoin server and web server on the same machine,in the second you say that bitcoin server should be on another network
i dont see a problem with having them on the same machine as long as that server does not control any funds.
any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
Subject.
Imagine, that there is web-server and bicoin-server.
What if hacker will get access to web-server and make RPC call to bitcoind server and send coins to his address?
In this case no reason to have separate bitcoin-server for this. Or I missed something.
Imagine, that there is web-server and bicoin-server.
What if hacker will get access to web-server and make RPC call to bitcoind server and send coins to his address?
In this case no reason to have separate bitcoin-server for this. Or I missed something.
Jump to: