There has been a lot of FUD around this, so I thought I’d share my experience with how I did it, with LND.
Access control in LND is done via a kind of super-cookie called macaroons. They can carry all sorts of limitations – time limits, IP address limits, and limits on what kind of operations you can do when using them.
In LND, there exists a macaroon called an invoice macaroon. With this, you can basically do only two things:
- Create an invoice
- Check if an invoice is paid.
You cannot pay invoices, you cannot send bitcoin, and you cannot close or open channels. You can only generate invoices or check if they are paid. This is incidentally all a shop like this one needs! So this shop holds no bitcoin, and holds no credentials to spend any bitcoin. It does, however, hold a token that makes it possible to create invoices, which is what lets people pay me bitcoin.
Sounds dangerous? Not too much!
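Why an invoice-only token cannot be widened into spending rights, shown with a simplified model of the macaroon signature chain. This is an added example, not code from this post or from LND. The caveat syntax (`ops=`, `ip=`, `expires=`), the operation names and the dict layout are constructed for illustration and are not LND's real format.

```python
import hashlib
import hmac

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, identifier: str) -> dict:
    # Node side: only the holder of root_key can start a signature chain.
    return {"id": identifier, "caveats": [], "sig": _mac(root_key, identifier)}

def attenuate(mac: dict, caveat: str) -> dict:
    # Any holder can add a restriction: the old signature keys the new HMAC,
    # so the old signature cannot be recovered from the new one.
    return {"id": mac["id"], "caveats": mac["caveats"] + [caveat],
            "sig": _mac(mac["sig"], caveat)}

def caveat_ok(caveat: str, request: dict) -> bool:
    # Constructed caveat syntax (assumption): "ops=a,b", "ip=addr", "expires=unix_ts".
    key, _, value = caveat.partition("=")
    if key == "ops":
        return request["op"] in value.split(",")
    if key == "ip":
        return request["ip"] == value
    if key == "expires":
        return request["now"] < int(value)
    return False  # unknown caveat: fail closed

def verify(root_key: bytes, mac: dict, request: dict) -> bool:
    # Node side: replay the chain from the root key, then check every caveat.
    sig = _mac(root_key, mac["id"])
    for caveat in mac["caveats"]:
        sig = _mac(sig, caveat)
    if not hmac.compare_digest(sig, mac["sig"]):
        return False  # caveats were removed or edited
    return all(caveat_ok(c, request) for c in mac["caveats"])

ROOT_KEY = b"constructed-root-key-kept-on-the-node"  # sample value, never leaves the node
SHOP = attenuate(mint(ROOT_KEY, "shop-1"), "ops=invoice.create,invoice.check")

def request(op, ip="203.0.113.7", now=1_700_000_000):
    return {"op": op, "ip": ip, "now": now}

if __name__ == "__main__":
    print("create invoice:", verify(ROOT_KEY, SHOP, request("invoice.create")))
    print("pay invoice:   ", verify(ROOT_KEY, SHOP, request("payment.send")))
    stripped = {**SHOP, "caveats": []}  # someone drops the restriction
    print("stripped caveat:", verify(ROOT_KEY, stripped, request("payment.send")))
```

The shop's token can still be narrowed further (for example bound to one IP address or given an expiry) by whoever holds it, but removing or rewriting a caveat breaks the signature the node recomputes.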