
Internal-Security Finding #4: Unescaped Database Paths

Open defuse opened this issue 6 years ago • 1 comments

There's not much actual risk here since the database path will (hopefully) be coming from a trustworthy source, but there might be an opportunity to make weird things happen if you can control it:

https://github.com/zcash-hackworks/lightwalletd/blob/7726a6752d77269b2ba2af31458b94796cfe681e/cmd/ingest/main.go#L76

For example, it might be possible to inject extra database settings into that URL.

Close this by making the code safe under the assumption that the database path is provided by an attacker.

defuse, Apr 08 '19 18:04
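
One way to meet the closing condition above, as an added example (not lightwalletd's code and not part of the original issue): percent-encode the path before it goes into a go-sqlite3 style `file:` URI, so a `?` or `#` in the path cannot start a new option list. It assumes the path is interpolated into such a URI and that paths are Unix-style; the function names `buildSQLiteDSN` and `splitDSN` and the option values are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// buildSQLiteDSN returns a "file:" URI for dbPath, treating dbPath as untrusted.
// The two options set here are assumed values for this example.
func buildSQLiteDSN(dbPath string) (string, error) {
	// A NUL byte would end the name early once it reaches SQLite's C API.
	if dbPath == "" || strings.ContainsRune(dbPath, 0) {
		return "", errors.New("invalid database path")
	}
	// Collapse a leading "//" so the path cannot be read as a URI authority.
	clean := filepath.Clean(dbPath)
	// EscapedPath percent-encodes '?', '#', '%' and spaces but keeps '/'.
	escaped := (&url.URL{Path: clean}).EscapedPath()
	opts := url.Values{}
	opts.Set("_busy_timeout", "10000")
	opts.Set("cache", "shared")
	return "file:" + escaped + "?" + opts.Encode(), nil
}

// splitDSN reads the DSN back the way a URI consumer does: the path ends
// at the first '?', and everything after it is the option list.
func splitDSN(dsn string) (string, url.Values, error) {
	parts := strings.SplitN(strings.TrimPrefix(dsn, "file:"), "?", 2)
	path, err := url.PathUnescape(parts[0])
	if err != nil || len(parts) < 2 {
		return path, url.Values{}, err
	}
	opts, err := url.ParseQuery(parts[1])
	return path, opts, err
}

func main() {
	// Constructed sample paths: a plain one, one carrying options, one with "//".
	for _, p := range []string{"/var/lib/lwd/cache.db", "/tmp/x.db?mode=memory&cache=private#frag", "//host/x.db"} {
		dsn, err := buildSQLiteDSN(p)
		fmt.Println(dsn, err)
	}
}
```
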

Ideally, this will get swept into changes that enable the use of different data stores anyway.

gtank, Jul 10 '19 18:07