If I wanted to set up a web-service that kept a live hotwallet with the ability to send bitcoin. How difficult would it be to set it up so that only stored address's (linked to a offline wallet) would be possible recipients?

It might sound like a weird request. but say I wanted to use bitcoin in a closed environment. (only between wallets I own) And thereby making it less likely to be compromised.

intruder would have have to first inject his own address then compromise the hot wallet system. I could easily have a secondary server that stores all the approved address's as a redundancy.

thoughts?