I studied lots of valuable Q&A here, but I still have some doubts.
Case - a simple game (calm down - I'm not one of the rookies creating an exchange as seen here), which allows players to pay for a game. The character of the gameplay forces us to create a virtual balance for each player and create payouts on a daily basis/on request.
- a compiled bitcoind client is running on an encrypted wallet in the background
- creating a pool of addresses in advance
- assigning a free address to a registered user
- listen for incoming transactions/confirmations
- on 6th confirmation we add transaction to user balance
Where I need guidance / pro advice:
- strip my running bitcoind client with wallet from holding private keys (I've read about it but don't know how to achieve it properly)
- many guides advise running the bitcoind client on another machine - but how to set up secure communication between the two machines (VPN?). If someone gains access to the game server, it doesn't matter where the client is located (right?)
- as private keys are stored away, how can I deal with payout requests? Are there known practices in that field? I've read https://bitcoinsecurityproject.org/SecureApplicationArchitecture/, but can't imagine a real-world example/process
Last but not least - if users send coins to private addresses created in one wallet, which private key should sign a transaction? As you can probably see, I'm confused about some "basics" after my research here :)
I found steps to sign a transaction offline (http://people.xiph.org/~greg/signdemo.txt). Is it the preferable way in real-world apps?
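The deposit flow listed in the question (address pool, one address per user, credit at the 6th confirmation), sketched as an added example that is not part of the original post. It uses only addresses and transaction data, no private keys. Assumptions: `DepositLedger` and `demo` are hypothetical names, and each entry is a dict shaped like a bitcoind `listtransactions` result, with the amount already converted to integer satoshis in a constructed `amount_sat` field.

```python
from dataclasses import dataclass, field

REQUIRED_CONFIRMATIONS = 6  # threshold stated in the post

@dataclass
class DepositLedger:
    free_addresses: list                               # pre-generated address pool
    owner: dict = field(default_factory=dict)          # address -> user id
    balances: dict = field(default_factory=dict)       # user id -> satoshis
    credited: set = field(default_factory=set)         # (txid, vout) already credited

    def assign_address(self, user_id):
        """Give a registered user one unused pool address."""
        if not self.free_addresses:
            raise RuntimeError("address pool exhausted")
        address = self.free_addresses.pop()
        self.owner[address] = user_id
        self.balances.setdefault(user_id, 0)
        return address

    def process(self, entries):
        """Credit each received output exactly once, at >= 6 confirmations."""
        newly = []
        for e in entries:
            user = self.owner.get(e["address"])
            key = (e["txid"], e["vout"])
            if e["category"] != "receive" or user is None:
                continue   # not a deposit to an assigned address
            if e["confirmations"] < REQUIRED_CONFIRMATIONS:
                continue   # too shallow, or conflicted (negative count)
            if key in self.credited:
                continue   # seen on an earlier poll; never credit twice
            self.credited.add(key)
            self.balances[user] += e["amount_sat"]
            newly.append(key)
        return newly

def demo():
    """Two polls over constructed sample data (not real transactions)."""
    ledger = DepositLedger(free_addresses=["pool-addr-2", "pool-addr-1"])
    addr = ledger.assign_address("alice")
    tx = {"txid": "tx-a", "vout": 0, "address": addr, "category": "receive",
          "amount_sat": 150_000, "confirmations": 5}
    stray = dict(tx, txid="tx-b", address="pool-addr-2")   # unassigned address
    first = ledger.process([tx, stray])                     # 5 confs: nothing
    tx["confirmations"] = stray["confirmations"] = 7
    second = ledger.process([tx, stray])                    # credited now
    third = ledger.process([tx, stray])                     # repeat poll: no-op
    return first, second, third, ledger.balances
```

Keying the credited set on `(txid, vout)` is what keeps repeated polling from crediting the same deposit twice.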