I didn't say you shouldn't use wallets, just don't use the naive approach of having a plain wallet in a computer that's exposed via bitcoind. That's asking for it.
Cryptography is hard, but you can use this for instance:
It's already prepackaged for you. Give it a good read if you don't know it.
Free, Open Source, etc. And the author is a nice chap.
It's not the only way. But whatever you do, just don't keep a massive hot wallet in a server that's online. They will find it and if you move enough money they will put massive amounts of effort into hacking it.
Did you read my original comment? You basically just described a solution that mirrors my own, which was to send x percentage of your balance to an off-site wallet (maximizing x to the extent possible, obviously). I didn't get into how to securely store your coins off-site, since that wasn't the question.
EDIT: BTW, you do realize that Armory is a front-end to bitcoind, right? You still have to run bitcoind for Armory to work.
From their Github page:
"Armory has no independent networking components built in.
Instead, it relies on on the Satoshi client to securely connect
* to peers, validate blockchain data, and broadcast transactions
* for us. Although it was initially planned to cut the umbilical
* cord to the Satoshi client and implement independent networking,
* it has turned out to be an inconvenience worth having.
* Reimplementing all the networking code would be fraught with bugs,
* security holes, and possible blockchain forking. The reliance
* on Bitcoin-Qt right now is actually making Armory more secure!"
Yes, that's fine. But the rest of the elements are non-trivial and you left them "as an exercise for the reader". This usually means that the reader will just run the standard client with a full internet connection and get hacked to high hell.
You can have a computer with a firewall and a custom protocol connected to another system, and still get hacked, if you don't put in place the sort of measures Armory uses.
Read carefully what you quoted: "it relies on on the Satoshi client to securely connect * to peers, validate blockchain data, and broadcast transactions * for us" - that is not the actual problem when you have your server rooted. The problem is KEYS. Key generation, and key storage/management. Which no other common solutions that I know do in a way that won't get your arse robbed if the computer storing the wallet is compromised. Which I think is a big deal.
actually, come to think of it, you just need to provide a Bitcoin address for payments to be sent to and a form that takes the customer's own address so you can know who paid and for what.
Yes, absolutely. If you're thinking of a low-volume, semi-manual system, you can simply generate a list of addresses, store them on a DB, and display them to customers for payment. Then send out your product/service once you verify payment has cleared on the Blockchain Explorer. That's a good, simple, low-tech way of taking care of things, as long as you carefully match addresses to customers and take care to securely store the wallet you used to generate the addresses. But assuming you can program, it's not hard to implement an automated payment processor, or to integrate a third-party API. Please don't be scared off by alarmists. As long as you are taking care not to store large sums of Bitcoins on your server, there's no problem. You can easily set a cron job to move the full balance off your wallet every minute to a cold, air-gapped, inaccessible, off-site wallet (Armory looks good for storage). As long as you're not distributing bitcoins (like exchanges have to do), you don't need to worry about keeping a large sum on the wallet you use for your app. Please feel free to contact me at the address on my profile if you have any questions (my user name is my real name).
I didn't say you shouldn't use wallets, just don't use the naive approach of having a plain wallet in a computer that's exposed via bitcoind. That's asking for it.
Cryptography is hard, but you can use this for instance:
http://bitcoinarmory.com/using-offline-wallets-in-armory/
It's already prepackaged for you. Give it a good read if you don't know it. Free, Open Source, etc. And the author is a nice chap.
It's not the only way. But whatever you do, just don't keep a massive hot wallet in a server that's online. They will find it and if you move enough money they will put massive amounts of effort into hacking it.