Pages:
Author

Topic: OpenEx: Progress Report - 95% launching this week - page 7. (Read 9591 times)

hero member
Activity: 686
Merit: 504
always the student, never the master.
i have decided i will go ahead and begin opensourcing the exchange.

in today's update, i will be adding a mobile site, and modifying the way php identifies devices to include a class for mobile devices. after that i will begin building the admin interface. when i have installed the basic admin interface, i will break with programming and install an LNMP(Linux, Nginx, MySQL, PHP)stack on my local unix system and begin using it as the test server.

this system will be the basis for future updates, and will be the testing ground for our project. updates to the openex website will no longer be processed automatically, except for a manual process of updating the files through git as opposed to straight sftp interaction from the test server to the server @ openex.

additionally if time permits i will begin work on building the user privileged actions class in php, with a separate class system for admins. instead of the normal id based class interaction, an asyncronous class will be created for each class in order to verify and regulate the class defacto class interaction system of the php/mysql platform. this is imperative as it sets a hardcoded limit on what users can accomplish with quote "privilege escalation" exploits. think of it as a security by execution of php scripts through a window that monitors and approves each interaction a a script with the php parser using:

-custom rule sets
-XSS prevention private function keys
-script execution window through uses of keys previously mentioned, expiring imediately by being added to the database as processed request record.
-double salt function applied to all json interactions
-key based  32,768 bit encryption of communications between the wallet servers(called "clients" as each one hosts a specific wallet) utilizing an encryption system i have developed in php using keys stored on wallet servers. the way it works is, information will be sent from the main server through a php page encrypting the json and other information. the client server will receive and before decoding, it will return the key also encrypted with the prototype algorithm. the double salting function reduces hash collision and create random, secure keys for each interaction, meaning these interactions can be neither decoded, understood, or repeatable because the window for execution of the command will be uninitiated by the requestor, in this case a malicous attack who wishes to reproduce a transaction to his withdrawal address, by forging a second transaction or attempting to intercept the encrypted command and keys and resubmit the already processed interaction which has a decaying window to be approved.



i'll update this thread as each task is completed.

i haven't contacted justin today as he is in school, but i would expect an update on his progress with multi market and the fee execution process modification, fixing a vulnerability that allows for doublespending within a users exchange account. thats about it for now.

r3wt
hero member
Activity: 686
Merit: 504
always the student, never the master.
Did you forget to include the link to the open source code, some repo, or anything at all ? Because, you know, otherwise it is not open source.

That's an excellent question. the code will be open source the day the exchange is launched. in its current form and incompleteness, i am not ready to opensource it yet.

Justin is currently modifying the market system of the database to add an identifier for currency pairs. then we will probably switch that to its own database for an extra security measure.

the project is currently at a conservative 60% completion-- saying that,  its fully functional except the withdrawal system, but there are many bugs to work out and adequate security measures to add, plus an api for off site trading.

personally, i am working on porting a version of goosh to the site for commandline based trading, something that should be a unix nerds wet dream.


i'll keep this updated as much as possible. going to a party tonight, check back tommorrow.
sr. member
Activity: 294
Merit: 250
Did you forget to include the link to the open source code, some repo, or anything at all ? Because, you know, otherwise it is not open source.
hero member
Activity: 686
Merit: 504
always the student, never the master.
demo:
http://dev3.openex.pw/

We will be launching later this week.

exchange is 100 percent working. tweaking some code here and there and making some final optimizations.

about all thats left to do as far as basic functionality is fix a small bug. when a user withdraws all coins, the balance record for that coin remains. when the user buys more of that currency or deposits more, a duplicate balance entry is entered, causing the account page to list the first result, which will always be the original balance which was zero upon withdrawal. a fix for this, is to delete the balance upon withdrawal if the remaining balance is zero. should be simple enough, and shouldn't take more than a day to test in different scenarios.

see you all soon. thanks for the help, support, and suggestions.

Pages:
Jump to: