Security - WildCAS/CASCategorization GitHub Wiki

Security

Security is a top priority of this project due to the sensitive nature of user-generated content. Here are the steps that the admins must take to ensure that users have a confidential and safe environment in which to reflect:

  • All admins with access to the production server must have two-factor authentication enabled on GitHub and Heroku (this is good practice, admin or not).
  • All deployments must pass Django's security checks at a minimum (plus the in-house checks once those are created).
  • SECRET_KEY and other confidential keys used in production must never appear in any text file (environment variables are OK).
  • Limit access to the production database whenever possible. For pre-production testing, use the dev/staging server.
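
The following is an added example, not code from the CASCategorization project, showing how the two settings-related rules above fit together: SECRET_KEY and the other security-relevant settings are read only from environment variables (with no fallback value that could end up in a file), and a small set of in-house deployment checks is run over the result, modelled on the checks that `python manage.py check --deploy` performs. The `DJANGO_*` variable names, the function names and the sample environments are assumptions made for this example; it uses only the standard library so it can run without Django installed.

```python
"""Added example (not project code): settings from the environment plus in-house deploy checks."""
import os
from typing import List, Mapping

# Django's own deploy check (security.W009) flags a SECRET_KEY shorter than
# 50 characters or with fewer than 5 distinct characters; the same thresholds
# are used here so the in-house check agrees with the built-in one.
MIN_SECRET_KEY_LENGTH = 50
MIN_SECRET_KEY_UNIQUE_CHARS = 5


class ImproperlyConfigured(Exception):
    """Stand-in for django.core.exceptions.ImproperlyConfigured (no Django import needed)."""


def load_settings_from_env(environ: Mapping[str, str] = os.environ) -> dict:
    """Build the security-relevant settings from environment variables only.

    SECRET_KEY deliberately has no default: a server started without
    DJANGO_SECRET_KEY fails at import time rather than running with a key
    that was committed to the repository. (Variable names are assumptions.)
    """
    try:
        secret_key = environ["DJANGO_SECRET_KEY"]
    except KeyError:
        raise ImproperlyConfigured(
            "DJANGO_SECRET_KEY is not set; export it in the environment "
            "(for example as a Heroku config var), never in a text file"
        ) from None
    return {
        "SECRET_KEY": secret_key,
        # Debug is off unless explicitly switched on with "1".
        "DEBUG": environ.get("DJANGO_DEBUG", "0") == "1",
        # Comma-separated list, e.g. "myapp.herokuapp.com,example.org".
        "ALLOWED_HOSTS": [h for h in environ.get("DJANGO_ALLOWED_HOSTS", "").split(",") if h],
        # Secure cookies default to on; only an explicit "0" turns them off.
        "SESSION_COOKIE_SECURE": environ.get("DJANGO_SESSION_COOKIE_SECURE", "1") == "1",
        "CSRF_COOKIE_SECURE": environ.get("DJANGO_CSRF_COOKIE_SECURE", "1") == "1",
    }


def deploy_checks(settings: Mapping[str, object]) -> List[str]:
    """In-house deployment checks. Returns a list of findings; empty means pass."""
    findings = []
    if settings.get("DEBUG"):
        findings.append("DEBUG is True: tracebacks and settings would be shown to users")
    key = str(settings.get("SECRET_KEY", ""))
    if len(key) < MIN_SECRET_KEY_LENGTH or len(set(key)) < MIN_SECRET_KEY_UNIQUE_CHARS:
        findings.append("SECRET_KEY is too short or has too few distinct characters")
    if not settings.get("ALLOWED_HOSTS"):
        findings.append("ALLOWED_HOSTS is empty (Django reports this as security.W020)")
    if not settings.get("SESSION_COOKIE_SECURE"):
        findings.append("SESSION_COOKIE_SECURE is False: session cookie can be sent over HTTP")
    if not settings.get("CSRF_COOKIE_SECURE"):
        findings.append("CSRF_COOKIE_SECURE is False: CSRF cookie can be sent over HTTP")
    return findings


# Constructed sample environments (not real keys): one that passes, one that fails.
GOOD_ENV = {
    "DJANGO_SECRET_KEY": "c0nstructed-example-key-0123456789abcdefghijklmnopqrstuvwxyz",
    "DJANGO_ALLOWED_HOSTS": "myapp.herokuapp.com",
}
BAD_ENV = {"DJANGO_SECRET_KEY": "changeme", "DJANGO_DEBUG": "1"}

if __name__ == "__main__":
    for name, env in (("good", GOOD_ENV), ("bad", BAD_ENV)):
        problems = deploy_checks(load_settings_from_env(env))
        print(f"{name}: {'PASS' if not problems else 'FAIL'}")
        for p in problems:
            print("  -", p)
```

In a real deployment the built-in checks are run with `python manage.py check --deploy` against the production settings module; a function like `deploy_checks` above is where the "in-house" checks mentioned in the list would live, so that a pipeline can refuse to deploy when either set reports a finding.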

Feel free to add anything else that was left out (there should be plenty).