Setting up a secure ecommerce site: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Robkohr (talk | contribs)
Created page with "Upload a large collection of public addresses to your server, and go through them for orders. Don't host a bitcoind controlled wallet on your server, as that just creates a re..."
 
Belcher (talk | contribs)
merge suggestion with Merchant_howto
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{merge|Merchant Howto}}
Upload a large collection of public addresses to your server, and go through them for orders. Don't host a bitcoind controlled wallet on your server, as that just creates a reason to attack your server. It also just becomes a potential attack vector if you set it up to respond to api requests.
Upload a large collection of public addresses to your server, and go through them for orders. Don't host a bitcoind controlled wallet on your server, as that just creates a reason to attack your server. It also just becomes a potential attack vector if you set it up to respond to api requests.


Line 14: Line 16:


Nice, simple, and secure, and doesn't require any outside payment processer looking to skim a profit off of my sales.
Nice, simple, and secure, and doesn't require any outside payment processer looking to skim a profit off of my sales.
==See Also==
* [[Securing online services]]
[[Category:Instructional]]

Latest revision as of 18:10, 4 July 2017

It has been suggested that this article is merged with Merchant Howto.

Upload a large collection of public addresses to your server, and go through them for orders. Don't host a bitcoind controlled wallet on your server, as that just creates a reason to attack your server. It also just becomes a potential attack vector if you set it up to respond to api requests.

You can use blockexplorer's api to check the balance on an address and mark it as complete and do whatever you do with your goods for paid orders. Don't recycle public addresses, just make more.

Using this fork of pywallet: https://github.com/RobKohr/pywallet

that imports a list of private keys in a text file (option importprivkeyfile). I open a csv in excel that I created from copying a bunch of addresses from http://www.bitaddress.org. The private addresses column I save to one text file, and import it into my wallet using pywallet. The public addresses I import into a database for the server. I use mongodb, but really any database works. Here is the basic table format for the table address_pool:

| public_address - varchar | used - boolean, default false

When I create an order, I grab a public address where used is false, and update that row to set used = true. I stick that public address in my order table with the users order info, and then show them the public address to pay to.

Nice, simple, and secure, and doesn't require any outside payment processer looking to skim a profit off of my sales.

See Also