
Ask HN: What is the most secure way to host a form-driven website for an ICO - ukneecorn
Little context to get the conversation going:

I was approached through a friend of a friend of a friend, to help with their ICO - (full disclosure - their product is crap and they just wanted to get into the craze, and I lovingly declined) -

BUT it got me thinking about the 'best way' to host a site for something like this. So I spent a few hours investigating and there isn't anything particularly conclusive that seems to incorporate recent events (ICO hacks, DNS attacks, fake URLs, ransomware, etc.) and I didn't seem to find any previous discussion on HN about this, and so here we are..

Goal: Host a secure website which takes in user data safely, built to withstand 2018 ICO-attacks, and scale up as needed.

HN Goal: Turn this post into a reference point for others to help with their projects

Bugs/Features:

* Verify to the user that they are on the correct site in the first place

* Heavily guarded against brute-force attacks (ssh, dos, mitm, remote exploits, etc.)

* Capture some user data (email address, wallet address, Name)

* Verify the user is who they say they are - or at least not a duplicate (Email, 2FA, IP/Location tracking, or 3rd-party service)

* Provide feedback to the user for a successful entry

* Have a scalable-type solution for the DB

* Be able to handle 'lots' of users (let's pretend needs to be working for: one million ants)

Couple of initial ideas for hosting:

* Lots of layers of caching (Multiple CDN and Caching providers)

* Serverless Approach (Lambda + AWS / GCE API-driven DB)

* Serverfull approach (ec2 instance w/ selinux, lock down as much as possible, nginx/apache, TLS 1.3, high-bit security keys, etc., etc.)

* ???

* Profit
======
matt_the_bass
Perhaps look at banking software. Try opening an account at Allybank.com. I
have a few accounts there. Note that the initial process required human
interaction.

------
mcintyre1994
I wonder how many responses Google Forms scales to. You'd probably move from
using Sheets as your frontend to the API to query your responses pretty
quickly, but I wonder if you can get a million responses there without someone
shutting you down.

That'd give you security and scale, at least as long as the data store behind
it scales, and a standard data entry and confirmation dialog that some users
might even have seen before.

------
nnn1234
Working on very similar things.

What information would you like to capture per user/project?

What happens when people want to do airdrops/private placements?

Look at what Harbor is doing. Would love to chat in detail.
Naveen@standardmeta.com

