twoscoops / two-scoops-of-django-1.6

Tracking thoughts and feature requests for Two Scoops of Django 1.6

On recommending environment variables #41

Closed arthurdejong closed 10 years ago

arthurdejong commented 10 years ago

In section 5.3 the use of environment variables is recommended to store secrets. However, environment variables can easily be leaked to other processes on the system which makes them less suitable for secret information.

For example, ps axeww lists environment variables for a large number of processes.

Environment variables should only be used if a dedicated user is used for the application and if this application does not start any other unrelated processes because environment variables are leaked to subprocesses.

Having a webserver serve multiple applications is also not easily possible when using environment variables.

It is easier to secure access to a single configuration file with access permissions than to prevent environment variables leaking.

As an alternative, we only have our production settings under revision control on the production environment (separate from development repositories).

pydanny commented 10 years ago

In Chapter 5 we do submit the use of non-executable secrets files, which can be stored in any serializable format desired. Our example is in JSON, but any format will do. In fact, we did this for two reasons: the first was to support Apache users, the second was for users in systems where the deployment considerations made environment variables not acceptable options. I argue your concerns simply provide another reason to validate our presentation of this option.

As for multiple web applications on one server, should we ever update the book, I will probably add:

"Considering the affordability and ease of standing up a new server, we recommend not hosting more than one application on a single web server."

It's not just a security issue, it's also a performance issue. Any time I've been in a place where more than one project was allowed to be hosted on a single server, someone suffered because someone else choked up resources.
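The two mechanisms discussed in this thread, side by side, as an added example that is not part of the book or of either comment above: a secret exported through the environment is inherited by an unrelated child process with no action on anyone's part, whereas a secret kept in a non-executable JSON file can be guarded by an ownership and mode check before it is read. The environment variable name, the file names and the sample secret value are constructed for the demonstration; the check assumes a POSIX system (it is skipped where os.getuid is unavailable).

```python
import json
import os
import stat
import subprocess
import sys
import tempfile
from typing import Optional

# Assumed names for the demonstration only; nothing here comes from the book.
ENV_NAME = "DEMO_SECRET_KEY"
SECRET_VALUE = "correct-horse-battery-staple"  # constructed sample value


def child_sees_env_secret(name: str, value: str) -> Optional[str]:
    """Export a secret via the environment and start an unrelated child
    process (a fresh interpreter). The child inherits the whole environment,
    so it can read the secret without ever being handed it on purpose."""
    env = dict(os.environ)
    env[name] = value
    code = f"import os; print(os.environ.get({name!r}, ''))"
    result = subprocess.run([sys.executable, "-c", code], env=env,
                            capture_output=True, text=True, check=True)
    return result.stdout.strip() or None


def write_secrets(path: str, secrets: dict, mode: int) -> str:
    """Write a JSON secrets file and force its mode regardless of umask."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as f:
        json.dump(secrets, f)
    os.chmod(path, mode)
    return path


def load_secrets_file(path: str) -> dict:
    """Load a non-executable JSON secrets file, but only if it is a regular
    file owned by the current user with no group/other permission bits set.
    This is the control the environment-variable approach cannot offer:
    the operating system enforces who may read the file."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise PermissionError(f"{path} is not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is readable by group or others; use mode 0600")
    with open(path) as f:
        return json.load(f)


def demo() -> dict:
    """Run both halves and return the observations for inspection."""
    workdir = tempfile.mkdtemp()
    leaked = child_sees_env_secret(ENV_NAME, SECRET_VALUE)

    # A 0600 file owned by us is accepted.
    strict = write_secrets(os.path.join(workdir, "secrets.json"),
                           {"SECRET_KEY": SECRET_VALUE}, 0o600)
    loaded = load_secrets_file(strict)["SECRET_KEY"]

    # The same content with a world-readable mode is refused before it is parsed.
    loose = write_secrets(os.path.join(workdir, "loose.json"),
                          {"SECRET_KEY": SECRET_VALUE}, 0o644)
    try:
        load_secrets_file(loose)
        rejected = False
    except PermissionError:
        rejected = True

    return {"child_saw_env_secret": leaked == SECRET_VALUE,
            "strict_file_loaded": loaded == SECRET_VALUE,
            "loose_file_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The child process in the first half stands in for any helper the application might spawn; it is the same inheritance that lets ps axeww, as mentioned in the thread, display the variable for every process that received it. The file check in the second half is deliberately strict about ownership as well as mode, because a 0600 file owned by a different account is readable by that account and by root, not by the application user.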