I'm writing an app that government organizations use for project management and other functionality, and, using the same app, open areas for citizen engagement, for example, crowdsourcing citizen ideas for government projects.
Citizens and government share the same data.
Everything is locked down meticulously using decorators, db.auth_group, SSL, but are there design improvements I can make to improve security, for example, only allowing citizen access via API so that they are not directly querying the shared tables?
Are there specific risks when government classified information is stored in the same Postgres database that citizens use to engage with government?
thanks,
Alex Glaros
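One mitigation for the shared-table concern raised in the post above, added here as an illustration and not part of the original post: Postgres row-level security keeps citizen sessions from reading government-only rows even if they query the table directly rather than going through the API. Table, column and role names are assumed for the example.

```sql
-- Added example (not from the original post): separate citizen and
-- government access inside one shared Postgres table with row-level
-- security. All names below are assumed for illustration.
CREATE ROLE gov_staff NOLOGIN;
CREATE ROLE citizen NOLOGIN;
-- Connection role used by the citizen-facing API (placeholder password).
CREATE ROLE citizen_api LOGIN PASSWORD 'placeholder-change-me' IN ROLE citizen;

CREATE TABLE project_idea (
    id           bigserial PRIMARY KEY,
    body         text NOT NULL,
    visibility   text NOT NULL CHECK (visibility IN ('public', 'internal')),
    submitted_by text NOT NULL
);

-- Enable RLS and FORCE it so that even the table owner is filtered.
ALTER TABLE project_idea ENABLE ROW LEVEL SECURITY;
ALTER TABLE project_idea FORCE ROW LEVEL SECURITY;

-- Citizens read only public rows, or rows they submitted themselves
-- (identity comes from a per-request setting the API pins, see below).
CREATE POLICY citizen_read ON project_idea
    FOR SELECT TO citizen
    USING (visibility = 'public'
           OR submitted_by = current_setting('app.citizen_id', true));

-- Citizens may insert only public rows attributed to themselves.
CREATE POLICY citizen_insert ON project_idea
    FOR INSERT TO citizen
    WITH CHECK (visibility = 'public'
                AND submitted_by = current_setting('app.citizen_id', true));

-- Government staff see and modify everything.
CREATE POLICY gov_all ON project_idea
    FOR ALL TO gov_staff
    USING (true) WITH CHECK (true);

GRANT SELECT, INSERT ON project_idea TO citizen;
GRANT USAGE, SELECT ON SEQUENCE project_idea_id_seq TO citizen;
GRANT ALL ON project_idea TO gov_staff;

-- Per request, the API layer sets the caller's identity (transaction-local)
-- before running any query as citizen_api:
-- SELECT set_config('app.citizen_id', '<authenticated citizen id>', true);
```

With the setting unset, current_setting(..., true) returns NULL, so the ownership clause matches nothing and a citizen session falls back to public rows only.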