Closed jmorahan closed 1 year ago
Name | Link |
---|---|
Latest commit | 4c19d1aa9cb0c28ddd73c294b02db37a356b516e |
Latest deploy log | https://app.netlify.com/sites/inspiring-euclid-d918c8/deploys/643d4fb3784ffe00083283e8 |
Deploy Preview | https://deploy-preview-175--inspiring-euclid-d918c8.netlify.app |
Thanks @jmorahan Looks good in preview: https://deploy-preview-175--inspiring-euclid-d918c8.netlify.app/devs/security-best-practices.html
We will have to decide where it sits in the menus, but perhaps we'll merge and then create a new PR for this. Will discuss at Merge Monday.
Thanks @jmorahan for doing this work and the PR - it's invaluable info
Ditto, thanks @jmorahan, the info and recommendations are great!
We were discussing the audience for security recommendations like this in Merge Monday briefly when exploring where this might sit in the documentation menu. Currently we have some top level navigation based on role: developer, designer, content designer etc. Seems to me to sit under developer most logically, but it also is quite different in style to the other pages in that section. We also noted we might have too many top level sections and wondered if @msayoung had thoughts on this already.
Then we noted that we are missing a whole section on best-practices for hosting, deployment, devops etc. and that this would be a logical extension to that: hardening up your live site. So maybe we want a new section under developers for deployment, performance and security best practice?
The other thing that occurs to me is that maybe there are other modules that could be recommended alongside this, like https://www.drupal.org/project/seckit, https://www.drupal.org/project/csp.
(@andybroomfield which security modules did you end up using on your site?)
Let's discuss at the Tech Group governance meeting this week. 4pm Wednesday (happy to invite any interested parties, ping me on Slack).
This is great, thanks @jmorahan
I suggest we add it under Developers / Best practices. We can add other best practices as we find them.
Here's the document with our recommended best practices from the pen test, converted to markdown.