libubuntuone

No indication that payment pages are secure

Bug #527701 reported by Stuart Langridge on 2010-02-25

This bug affects 5 people

Affects		Status	Importance	Assigned to	Milestone
	libubuntuone	Fix Released	Low	Stuart Langridge

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There should be some indication that payment pages in the store are
secure, perhaps with a padlock in the status bar.

affects rhythmbox-ubuntuone-music-store
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuGW2oACgkQk9furQwNFBQj2QCeJ1iwuNW3mTpHIDQeCO5y9CVx
78YAnAxNDoI66KvC+uMpvSJLzEwW6JvU
=VSlP
-----END PGP SIGNATURE-----

Tags:

Related branches

lp:~sil/libubuntuone/secure-padlock

Merged into lp:libubuntuone

Rodrigo Moya (community): Approve on 2010-03-29

lp:ubuntu/lucid/libubuntuone

Joshua Hoover (joshuahoover) on 2010-02-25

tags:	added: desktop+ music-store u1-lucid
Changed in rhythmbox-ubuntuone-music-store:
status:	New → Confirmed
assignee:	nobody → Ubuntu One Desktop+ team (ubuntuone-desktop+)

Stuart Langridge (sil) on 2010-03-08

Changed in rhythmbox-ubuntuone-music-store:
importance:	Undecided → Low

Revision history for this message

Stuart Langridge (sil) wrote on 2010-03-12:

Assigning to mt for visual design thoughts.

Changed in rhythmbox-ubuntuone-music-store:
assignee:	Ubuntu One Desktop+ team (ubuntuone-desktop+) → Mat Tomaszewski (mat.t.)

Revision history for this message

Mat Tomaszewski (mat.t.) wrote on 2010-03-23:

RB_secure.jpg Edit (321.3 KiB, image/jpeg)

Mockup and the icon attached. The position should be fixed, bottom right, on top of any content.

Revision history for this message

Mat Tomaszewski (mat.t.) wrote on 2010-03-23:

lock.png Edit (225 bytes, image/png)

Mat Tomaszewski (mat.t.) on 2010-03-23

Changed in rhythmbox-ubuntuone-music-store:
assignee:	Mat Tomaszewski (mat.t.) → Stuart Langridge (sil)

Matt Griffin (mattgriffin) on 2010-03-23

tags:

added: 7digital

Matt Griffin (mattgriffin) on 2010-03-24

tags:

added: payment

Revision history for this message

Matt Griffin (mattgriffin) wrote on 2010-03-24:

Should show on the Choose Card page and the My Downloads page.

Matt Griffin (mattgriffin) on 2010-03-25

tags:

removed: 7digital

Revision history for this message

Matt Griffin (mattgriffin) wrote on 2010-03-25:

mt - Is the current ssl cert icon sufficient? It doesn't display on the My Downloads page.

Revision history for this message

John O'Brien (jdobrien) wrote on 2010-03-25: Re: [Bug 527701] Re: No indication that payment pages are secure

On 03/24/2010 10:42 PM, Matt Griffin wrote:
> mt - Is the current ssl cert icon sufficient? It doesn't display on the
> My Downloads page.
>
>
It doesn't display in rhythmbox when you enter your card information.

Revision history for this message

Chris Woollard (cwoollard) wrote on 2010-03-26:

There should probably be a way to view the ssl certificate as well. Just like you can in a web browser.

e.g. click on the secure icon.

thanks
chris

Revision history for this message

Mat Tomaszewski (mat.t.) wrote on 2010-03-26:

@ Matt Griffin

Are you asking about the padlock icon? I think it is sufficient, but it should appear in the Rhythmbox status bar and, indeed, display the ssl certificate in the new gtk window when clicked.

Revision history for this message

Chris Woollard (cwoollard) wrote on 2010-03-26:

That is exactly what I mean.

Thanks
chris

Revision history for this message

Martin Meredith (mez) wrote on 2010-03-26:

#10

Personally, a padlock icon in rhythmbox wouldn't suffice for me, as that could easily be "faked" ... and, well, we could potentially have a MITM with a cheap SSL certificate (CACert maybe, if that's included).

I'd personally like to see an external page load up in my browser, where I can confirm the details and "register" my card or paypal account (though, whether you're storing the CCs is a different matter! - and a bigger security risk!)

It's a bit of a tough one really... if not storing, maybe an external site that allows you to buy "vouchers" that get linked to your U1 account? And for paypal - a "payment agreement" ?

Rodrigo Moya (rodrigo-moya) on 2010-03-29

Changed in rhythmbox-ubuntuone-music-store:
assignee:	Stuart Langridge (sil) → Rodrigo Moya (rodrigo-moya)
status:	Confirmed → In Progress

Stuart Langridge (sil) on 2010-03-29

Changed in rhythmbox-ubuntuone-music-store:
assignee:	Rodrigo Moya (rodrigo-moya) → Stuart Langridge (sil)

Stuart Langridge (sil) on 2010-03-30

Changed in rhythmbox-ubuntuone-music-store:
status:	In Progress → Fix Committed
affects:	rhythmbox-ubuntuone-music-store → libubuntuone

Stuart Langridge (sil) on 2010-04-07

Changed in libubuntuone:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

libubuntuone

No indication that payment pages are secure

Bug Description

Related branches

Other bug subscribers

Related questions

Bug attachments

Remote bug watches