I have one question.
Wasn't there a problems running NXT software on VPS because of security risk?
I remember in the long locked thread people were advised to not keep the wallet open and forge on VPS
as this was described as insecure.
Can someone deny (clarify) this?
Thanks.
There is some risk, that's why I posted
a safe way of doing it 
Thanks I will mark your words.
Based on this I have more questions related to NXT or similar coin security.
The question is how securely implement a service based on NXT for example
a website for something would need to do automated payments to users.
To be able to send a payment the wallet needs to be unlocked with a password and
a transaction needs to be sent out.
If the website is hosted by some hosting provider does ti mean that the wallet needs to be
hosted there as well? The script php,asp,python or whatever needs to unlock the wallet
and send the API request.
How this kind of things should be implemented to avoid security risks where the passwords shoud be stored?!
I think anyone that has access to the hosting account or VPS account could hack this or not? what are you suggestions to avoid security risks?
Thanks.
Not really.
You can set up a message buss or queue. The web site sends a message to the Queue. The wallet monitors the queue. This means the wallet can be hosted on a separate server.
There are always points of failure though. For example, what if someone gained access to the web server and got the key it used to sign messages sent to the queue. Same issue if the wallet service blindly sends everything.
This is usually mitigate with a HOT wallet and a COLD wallet. The HOT wallet is limited to a certain amount of coins. Anything over that is sent to the COLD wallet automatically. This limits and fraudulent claims to the amount in the HOT wallet.
But, bottom line, security should be JOB ONE for any web site that automatically sends coins. Automatically accepting them is so much safer, since there is no need for access to the private key to do this.
