I don’t use Django (Flask here!), but one approach that might work is creating a user for the app. This has the additional benefit in that it would allow you to assign exactly the permissions the app needs to operate and no more. This limits privilege escalation when your app is compromised, and prevents myuser from being blamed for everything that the app user does. It also allows you to work in a group, where each group member can su into the app user and perform actions as needed. You can use file permissions to control a number of things, but also limit database access to this user, and even allow it to safely reload Apache automatically (using sudoers to allow that but nothing else) in a continuous integration type of setup.
--
Kyle Marek-Spartz
>--
>Meetings Schedule / RVSP on our Meetup at
http://python.mn
>---
>You received this message because you are subscribed to the Google Groups "PyMNtos" group.
>To unsubscribe from this group and stop receiving emails from it, send an email to
pymntos+u...@googlegroups.com.
>For more options, visit
https://groups.google.com/groups/opt_out.
>