Create strategy doc for authentication and security

[alexfinnarn]

• [ ] Create strategy doc for authentication and security
  • actual end-users
  • connected apps via client ID and secret
  • how to tokenize values to store sensitive info -- look at Mulesoft UI and docs for this example
  • 2FA
  • Add SSL to Postgres connections and any connection that makes sense.
  • Might want to use for auth - https://github.com/Swizec/useAuth
  • For restricting IP ranges, like the VPN, maybe https://github.com/jetersen/express-ipfilter can be used. It has a range of ways to whitelist IPs

---

In Drupal 7, you could add an existing field to a content type. With the idea of splitting up content management across several groups of content editors it is attractive to think how fields could be shared. For instance, a field_campuses that is a taxonomy reference. Many different projects could need to associate content to one or multiple campuses.

However, in Drupal 8, I don't see the same ability in the UI. I know it can be a fool's errand to expect to gain much from reusing fields, and that might be why the UI doesn't include the option anymore. I have yet to find a change record for this, but without reuse it makes sense to prefix the fields with the content or block type name so field_interests becomes field_story_interests.

It might be simple to do this in CUCentralAdvancement/digital-dash-cu-adv#108 or CUCentralAdvancement/digital-dash-cu-adv#60 but leaving here as a note.

[alexfinnarn]

The main readme file is long enough already. Docs could be kept in a wiki or elsewhere but then porting the docs later becomes an issue.

I see no reason to not create a /docs directory with files for Heroku deployments and services, local development setup, and development "rules" like how to create custom modules and structure data. That is three files to start.

• docs/local-development.md
• docs/heroku.md
• docs/drupal-development.md

[alexfinnarn]

adding CUCentralAdvancement/digital-dash-cu-adv#166 to the readme made me think again that the readme is too large and needs broken up.

[alexfinnarn]

A lot of what was learned in this project can be transferred as general Heroku knowledge.

[alexfinnarn]

make sure to add notes from https://github.com/CUCentralAdvancement/heroku-docs/issues/2 to these docs in a security readme.

[alexfinnarn]

Create strategy doc for authentication and security

• actual end-users
• connected apps via client ID and secret
• how to tokenize values to store sensitive info -- look at Mulesoft UI and docs for this example

[alexfinnarn]

For restricting IP ranges, like the VPN, maybe https://github.com/jetersen/express-ipfilter can be used. It has a range of ways to whitelist IPs.

[alexfinnarn]

Add SSL to Postgres connections and any connection that makes sense.

[stale[bot]]

Since y'all haven't touched me in 60 days, I feel unwanted and will close up shop after 7 more days. If you want to keep me alive, add the "pinned" or "security" labels...but don't be cruel. More info found at https://github.com/CUCentralAdvancement/github-docs/blob/main/docs/github/stalebot.md