undefined | Better HN

0 pointsfiiv7y ago0 comments

A sensible question.

Firstly, from a philosophical perspective I am at no point exposing emails of subscribers to the blog owners. The communications they send to those subscribers are limited to what's published in the RSS feed (once per new post).

As for in terms of infrastructure and app design, I contemplated the idea of implementing some kind of encryption or email alias system for a while, but ultimately decided against it. Some basic reasons are the ones also shared in the answers to this question on Stackoverflow:

https://stackoverflow.com/questions/767276/what-is-the-best-...

Since there is no direct access to emails via the logged in user's interface nor is there any kind of public or semi-public database access (through for example an API – the app is entirely server-side rendered), I already limit the damage that can be done through spoofed or stolen credentials (everything from a stolen password to a spoofed or stolen auth cookie).

The database does store emails of course, but the db is isolated from the application on a different server. At launch I used a Heroku hosted database but I'm planning to provision a database environment that is only open to private network IP access.

I'm also definitely interested in beefing it up further. Any advice?

0 comments

2 comments · 1 top-level

jamieweb7y ago· 1 in thread

Thanks for the info - it sounds like you've got things locked down pretty well already. The key bit as you say is the fact that the emails are stored on a system that is not publicly accessible.

My biggest worry with anything like this is that if there is a breach at Blogsend that affects the readers of my blog, I'm still responsible for it as I'm the one who put the form on my site and encouraged my readers to enter their email address.

The last thing I want to have to do is use Blogsend to send a "Notice of data breach" email! :)

I've run my own similar system before (just for my blog) where readers could enter their email address, verify it and then receive notifications when I post. However, I discontinued this system as I didn't want the burden of storing personal data like that.

One think you could check out is adding security HTTP response headers - your site is pretty clean and simple so it should be relatively easy to get it locked down tightly. See https://securityheaders.com/.

fiivOP7y ago

> The last thing I want to have to do is use Blogsend to send a "Notice of data breach" email! :)

No one wants to have to send any of those emails, least of all me/Blogsend ;)

> One think you could check out is adding security HTTP response headers - your site is pretty clean and simple so it should be relatively easy to get it locked down tightly. See https://securityheaders.com/.

Thanks for the tip! I've added this to my todos!

j / k navigate · click thread line to collapse