I have a lots of ideas to help this...
As for example, I´m gonna build some kind of online Wallet storage based on Eucalyptus and Ubuntu (open source Cloud Computing).
1- Each user will have its own private Bitcoin / wallet.dat "instance";
2- The wallet.dat will be stored withing the "Walrus" (Eucalyptus persistent storage);
3- The Ajax interface can have a "backup wallet button", wich stores your wallet within GmailFS, DropBox, or download it directly to your compúter. Also, after every transaction, the system can automatically backup your wallet in any place you want (pre-configured).
4- The users will be able to download the wallet.dat to its own computer and open it with Bitcoin software;
5- The users of this system, will not have access to the "Cloud Frontend", the bitcoin/wallet will be accessed through a Web Ajax Interface only;
6- The persistent storage of users wallet (Walrus) will be encrypted with the user password, so, the Eucalyptus administrator (ME and my team) will NOT have access to ANY wallet.dat, never.
As for example, I´m gonna build some kind of online Wallet storage based on Eucalyptus and Ubuntu (open source Cloud Computing).
1- Each user will have its own private Bitcoin / wallet.dat "instance";
2- The wallet.dat will be stored withing the "Walrus" (Eucalyptus persistent storage);
3- The Ajax interface can have a "backup wallet button", wich stores your wallet within GmailFS, DropBox, or download it directly to your compúter. Also, after every transaction, the system can automatically backup your wallet in any place you want (pre-configured).
4- The users will be able to download the wallet.dat to its own computer and open it with Bitcoin software;
5- The users of this system, will not have access to the "Cloud Frontend", the bitcoin/wallet will be accessed through a Web Ajax Interface only;
6- The persistent storage of users wallet (Walrus) will be encrypted with the user password, so, the Eucalyptus administrator (ME and my team) will NOT have access to ANY wallet.dat, never.
Playing the role of the malignant admin again
3. Sounds like the perfect way for a rogue admin to backup a wrong/empty wallet over-writing the user's backup. Or it might not even need to be malicious, a bug could cause the backup wallet to be wiped. Furthermore, sending it to yet another external system seems to be increasing the vectors by which the wallet could be stolen/attacked.
6. Doesn't stop a rogue admin from capturing the user's passwords in the first place to use for decryption
