Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Normal
-
Resolution: Fixed
-
Affects Version/s: 1.3.2
-
Fix Version/s: 1.4
-
Component/s: User Interface
-
Labels:None
-
Environment:Linux Mint 17.3, Ubuntu Studio 14.04
Description
When errors occur (like the collection server not responding), Picard shows the error in the GUI's status line, including http requests containing username & password in clear text. I regard this as a double security problem:
Firstly, the username and password get shown for everyone to read in the status bar.
Secondly, even with https requests, apparently the username & password get transmitted over the net in clear text, like in the example shown? (https://username:password@musicbrainz.org/ws/2/collection)