How to check authority of sensitive requests between two nodes in cluster?

Çağlar Arlı

Assume we have a platform which has some crypto functionality. The infrastructure is as follows:

  • We have two nodes in a cluster, Computer A and Computer B.
  • Computer A is the main server which handles many types of requests from clients including withdrawal requests.
  • Computer B is responsible for accepting withdrawal requests, e.g. send x amount to y address.
  • Computer A has a public IP address but Computer B doesn't; both are connected within a local network.
  • The connection between them is secured using SSL/TLS.

When a user submits a withdrawal request to Computer A, the main server verifies and validates the balance and destination and then asks Computer B to transfer the amount.

If a user hacks into Computer A, then he can send a fake request to Computer B to transfer x amount to y address.

How can we verify the authority of the request to ensure the balance and destination are valid, which are always validated in the app on Computer A, but which we cannot verify if the request is sent by the hacker?

Computer B doesn't have access to resources in Computer A nor anything on the internet.

Are there any standard methods to handle such a situation?
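
One standard way to let Computer B check that a withdrawal was authorized by the user rather than merely relayed by Computer A, shown as an added example that is not part of the original question: the user's device authenticates the exact amount, destination and a nonce, and B verifies that before acting. It assumes per-user keys are provisioned on B out of band, and it uses HMAC from the standard library as a stand-in for the asymmetric signature a real deployment would use so that B holds only public keys. `USER_KEYS`, `client_sign` and `ComputerB` are hypothetical names, and balance checking is outside what this sketch covers.

```python
import hashlib
import hmac
import json

# Constructed sample data: per-user keys provisioned on Computer B out of band.
# Computer A never holds these keys; it only relays already-authorized requests.
USER_KEYS = {"alice": b"constructed-demo-key-for-alice"}


def canonical(req):
    """Deterministic byte encoding of the fields covered by the MAC."""
    fields = {k: req[k] for k in ("user", "amount", "dest", "nonce")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def client_sign(user, key, amount, dest, nonce):
    """Runs on the user's device: authorize one specific withdrawal."""
    req = {"user": user, "amount": amount, "dest": dest, "nonce": nonce}
    req["mac"] = hmac.new(key, canonical(req), hashlib.sha256).hexdigest()
    return req


class ComputerB:
    """Executes a withdrawal only if the user, not just Computer A, authorized it."""

    def __init__(self, user_keys):
        self.user_keys = user_keys
        self.seen = set()  # (user, nonce) pairs that were already executed

    def handle(self, req):
        try:
            key = self.user_keys[req["user"]]
            expected = hmac.new(key, canonical(req), hashlib.sha256).hexdigest()
            ok = hmac.compare_digest(expected, req["mac"])  # constant-time compare
        except (KeyError, TypeError):
            return "rejected: malformed request or unknown user"
        if not ok:
            return "rejected: bad authorization"
        if (req["user"], req["nonce"]) in self.seen:
            return "rejected: replay"
        self.seen.add((req["user"], req["nonce"]))
        return "executed"
```

With this in place, an attacker who controls Computer A can drop or delay requests but cannot change the destination or amount, invent a new withdrawal, or replay an old one.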