Storing secure keys on Ubuntu web server

django nginx ubuntu ubuntu-12.04 gunicorn

Solution 1:

You can set user and group IDs in gunicorn configuration that will be used by the worker processes. Set the environmental variables in file owned by root and without read permissions (rw-------). This will save your compromised www-data proccess from reading data directly from configuration file, but compromised www-data proccess can still read variables directly from memory.

ps. +1 for DUNG :)

Related

Intermittent NFS lockups on Isilon cluster
I can't run uwsgi as regular user
Do we need to explicitly pass php.ini's location to php-fpm?
RFC 2616 with Apache 2.4
Cannot access Ubuntu server behind Huawei Router with port forwarding
AWS RDS MySQL remote connection extremely slow
L2TP over IPSec VPN with OpenSwan and XL2TPD can't connect, timeout on Centos 6
iptables: building a rule set against abuse for DNS amplification attacks
How to make a RHEL repo static for a specific release
DNS issues on Google compute engine
.htaccess redirect all extension to php
How to monitor Windows Server events with Centreon Nagios