Setting up a secure ecommerce site: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Sgornick (talk | contribs)
Add See Also section with entry for Securing online services.
Parliament (talk | contribs)
m add category
Line 18: Line 18:


* [[Securing online services]]
* [[Securing online services]]
[[Category:Instructional]]

Revision as of 12:30, 28 August 2012

Upload a large collection of public addresses to your server, and go through them for orders. Don't host a bitcoind controlled wallet on your server, as that just creates a reason to attack your server. It also just becomes a potential attack vector if you set it up to respond to api requests.

You can use blockexplorer's api to check the balance on an address and mark it as complete and do whatever you do with your goods for paid orders. Don't recycle public addresses, just make more.

Using this fork of pywallet: https://github.com/RobKohr/pywallet

that imports a list of private keys in a text file (option importprivkeyfile). I open a csv in excel that I created from copying a bunch of addresses from http://www.bitaddress.org. The private addresses column I save to one text file, and import it into my wallet using pywallet. The public addresses I import into a database for the server. I use mongodb, but really any database works. Here is the basic table format for the table address_pool:

| public_address - varchar | used - boolean, default false

When I create an order, I grab a public address where used is false, and update that row to set used = true. I stick that public address in my order table with the users order info, and then show them the public address to pay to.

Nice, simple, and secure, and doesn't require any outside payment processer looking to skim a profit off of my sales.

See Also