Silk Road forums

Discussion => Security => Topic started by: jameslink2 on August 11, 2012, 04:21 pm

Title: Looking for some technical input (bitcoind/JSON-RPC/php/etc.)
Post by: jameslink2 on August 11, 2012, 04:21 pm
So, over the last month or so I have been teaching myself how to use php and integrate it with bitcoind via the JSON-RPC calls.

So far I have a functioning bitcoin wallet via a php website that has the ability to create wallets when a new account is created, send and receive coins and display the transaction information on any transaction that has occurred in the wallet.

The authentication and session management is being handled by a library called ulogin (http://ulogin.sourceforge.net/) which provides secure session management. This library gives me the ability to add information/variables to the session for storage across all page accesses during the session.

My question is, does anyone see any security issues, or is there a best practice for using the session variables? In other words, is it safe to load a session variable with personal information or should each module of the web site query the db and propagate local variables with the information?


Title: Re: Looking for some technical input (bitcoind/JSON-RPC/php/etc.)
Post by: Pai gow on August 11, 2012, 04:39 pm
Are you creating your own instawallet type clone or something? If so there is already a full python script out for it that's already in use to create escrow type sites if you wanted, though I personally would just fill the db with pre-gen bitcoin addresses and not keep the wallet online at all due to Linode hack, BTC-E.com missing coins, Bitcoinica mass robbery, etc.


Title: Re: Looking for some technical input (bitcoind/JSON-RPC/php/etc.)
Post by: jameslink2 on August 11, 2012, 05:25 pm
I am not doing an instawallet clone. I am working on something that is a little different than anything I have seen available. I have seen the other wallets and the open source stuff and it was not even close to what I was looking for.

Any other input?