Consider using user_dev for mediagoblin.db by default

[Aleksej]

MediaGoblin needs to be able to write into user_dev. OK.

When using sqlite, MediaGoblin by default needs to be able to write to mediagoblin.db and mediagoblin.db-journal. That means (at least in the beginning) being able to write to the directory with MediaGoblin itself.

If it not even worse for security, it would be better if mediagoblin.db was in user_dev, so only one directory needs to be writable.

[Ben Sturmfels]

I'm going to be bold and close this old ticket.

I think the broader problem is that the current deployment docs encourage people to install the code and the data in the same place. This is simpler for development, but for production environments should probably use a separate virtualenv. With a separate virtualenv, the mediagoblin directory only contains *.db, *.ini and user_dev. This will also get better once MediaGoblin is packaged for operating systems.

With that in mind, I don't think moving *.db files down a directory significantly improves security. Please let me know if I've overlooked something or if there's a particular vulnerability you're aware of.