Private keys are imported and saved to Android/data/me.sheimi.sgit/files/ssh/ at the getExternalFilesDir(). This location is world readable and writable by every application with access to the shared public storage area.
While being able to back up/restore keys and repositories through that directory structure may be useful, it is generally a BAD idea to, say, allow any app with network and /sdcard access to go upload this file or edit it at will. In fact this is exactly why the very popular OpenSSH client program used on PCs refuses to use key files that are world writable or with permissions too loose. SGit has none of this user-protection.
Such sensitive files belong in the SGit application's private directory structure under /data/data/me.sheimi.sgit. Instead of using FsUtils.getDir(), SGitSessionFactory should be using some sort of FsUtils.getPrivateDir() method.
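
A sketch of the private-directory approach suggested above, added here as an example and not taken from SGit's code. The class PrivateKeyStore and its methods are hypothetical names; the sketch assumes the keys live in an "ssh" subdirectory, as in the path quoted in the report, and uses only the standard Android Context and java.io.File APIs.

```java
import android.content.Context;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

/** Hypothetical helper, not part of SGit. */
public final class PrivateKeyStore {
    private static final String SSH_DIR = "ssh"; // assumed from the path in the report

    private PrivateKeyStore() {}

    /** Stand-in for the proposed FsUtils.getPrivateDir(): lives under /data/data/<package>/files. */
    public static File getPrivateDir(Context context, String name) throws IOException {
        File dir = new File(context.getFilesDir(), name);
        if (!dir.isDirectory() && !dir.mkdirs()) {
            throw new IOException("cannot create " + dir);
        }
        restrictToOwner(dir, true);
        return dir;
    }

    /** One-time migration: move keys out of shared storage into the private directory. */
    public static void migrateKeys(Context context) throws IOException {
        File privateDir = getPrivateDir(context, SSH_DIR);
        File externalDir = context.getExternalFilesDir(SSH_DIR); // null if storage is unavailable
        File[] keys = externalDir == null ? null : externalDir.listFiles();
        if (keys == null) return;
        for (File key : keys) {
            if (!key.isFile()) continue;
            File target = new File(privateDir, key.getName());
            try (InputStream in = new FileInputStream(key);
                 OutputStream out = new FileOutputStream(target)) {
                byte[] buf = new byte[8192];
                for (int n; (n = in.read(buf)) > 0; ) out.write(buf, 0, n);
            }
            restrictToOwner(target, false);
            if (!key.delete()) throw new IOException("cannot delete " + key);
        }
    }

    /** Clear all permission bits, then grant them to the owning app UID only. */
    private static void restrictToOwner(File f, boolean isDirectory) {
        f.setReadable(false, false);
        f.setWritable(false, false);
        f.setExecutable(false, false);
        f.setReadable(true, true);
        f.setWritable(true, true);
        if (isDirectory) f.setExecutable(true, true); // traverse bit for the directory
    }
}
```

A key that has already sat in shared storage could have been read or modified by other apps, so migrating it only protects it from that point on.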