No indication that payment pages are secure

Bug #527701 reported by Stuart Langridge on 2010-02-25
28
This bug affects 5 people
Affects Status Importance Assigned to Milestone
libubuntuone
Low
Stuart Langridge

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There should be some indication that payment pages in the store are
secure, perhaps with a padlock in the status bar.

 affects rhythmbox-ubuntuone-music-store
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuGW2oACgkQk9furQwNFBQj2QCeJ1iwuNW3mTpHIDQeCO5y9CVx
78YAnAxNDoI66KvC+uMpvSJLzEwW6JvU
=VSlP
-----END PGP SIGNATURE-----

Related branches

tags: added: desktop+ music-store u1-lucid
Changed in rhythmbox-ubuntuone-music-store:
status: New → Confirmed
assignee: nobody → Ubuntu One Desktop+ team (ubuntuone-desktop+)
Stuart Langridge (sil) on 2010-03-08
Changed in rhythmbox-ubuntuone-music-store:
importance: Undecided → Low
Stuart Langridge (sil) wrote :

Assigning to mt for visual design thoughts.

Changed in rhythmbox-ubuntuone-music-store:
assignee: Ubuntu One Desktop+ team (ubuntuone-desktop+) → Mat Tomaszewski (mat.t.)
Mat Tomaszewski (mat.t.) wrote :

Mockup and the icon attached. The position should be fixed, bottom right, on top of any content.

Mat Tomaszewski (mat.t.) wrote :
Mat Tomaszewski (mat.t.) on 2010-03-23
Changed in rhythmbox-ubuntuone-music-store:
assignee: Mat Tomaszewski (mat.t.) → Stuart Langridge (sil)
tags: added: 7digital
tags: added: payment
Matt Griffin (mattgriffin) wrote :

Should show on the Choose Card page and the My Downloads page.

tags: removed: 7digital
Matt Griffin (mattgriffin) wrote :

mt - Is the current ssl cert icon sufficient? It doesn't display on the My Downloads page.

On 03/24/2010 10:42 PM, Matt Griffin wrote:
> mt - Is the current ssl cert icon sufficient? It doesn't display on the
> My Downloads page.
>
>
It doesn't display in rhythmbox when you enter your card information.

Chris Woollard (cwoollard) wrote :

There should probably be a way to view the ssl certificate as well. Just like you can in a web browser.

e.g. click on the secure icon.

thanks
chris

Mat Tomaszewski (mat.t.) wrote :

@ Matt Griffin

Are you asking about the padlock icon? I think it is sufficient, but it should appear in the Rhythmbox status bar and, indeed, display the ssl certificate in the new gtk window when clicked.

Chris Woollard (cwoollard) wrote :

That is exactly what I mean.

Thanks
chris

Martin Meredith (mez) wrote :

Personally, a padlock icon in rhythmbox wouldn't suffice for me, as that could easily be "faked" ... and, well, we could potentially have a MITM with a cheap SSL certificate (CACert maybe, if that's included).

I'd personally like to see an external page load up in my browser, where I can confirm the details and "register" my card or paypal account (though, whether you're storing the CCs is a different matter! - and a bigger security risk!)

It's a bit of a tough one really... if not storing, maybe an external site that allows you to buy "vouchers" that get linked to your U1 account? And for paypal - a "payment agreement" ?

Changed in rhythmbox-ubuntuone-music-store:
assignee: Stuart Langridge (sil) → Rodrigo Moya (rodrigo-moya)
status: Confirmed → In Progress
Stuart Langridge (sil) on 2010-03-29
Changed in rhythmbox-ubuntuone-music-store:
assignee: Rodrigo Moya (rodrigo-moya) → Stuart Langridge (sil)
Stuart Langridge (sil) on 2010-03-30
Changed in rhythmbox-ubuntuone-music-store:
status: In Progress → Fix Committed
affects: rhythmbox-ubuntuone-music-store → libubuntuone
Stuart Langridge (sil) on 2010-04-07
Changed in libubuntuone:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related questions