Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add note about security tiers #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add note about security tiers #3

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions docs/SECURITY_TIERS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
In another note, I went over avoiding having everything visible by default to
any authenticated admin or moderator, to avoid caching issues. Deeper in this is
a desire to stick to the principle of least privilege pretty closely, and to
have an ease of use for normal authenticated work without having the security
hassle associated with the rigorous authentication needed for finer, less common
operations.

The basic gist of it is additional factors of security as you go up in access.
Basic moderation is availble after one factor, stronger moderation after a
second, site administration after a third, and arbitrary execution after a
fourth. This is a tad overkill, probably, but it's worth it to do it right, and
I think it'll be a learning experience.