[PICARD-839] Picard 1.3.2 shows cleartext username & password on status line when errors occur - MetaBrainz JIRA

Details

Type: Bug
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: 1.3.2
Fix Version/s: 1.4
Component/s: User Interface
Labels:
None
Environment:
Linux Mint 17.3, Ubuntu Studio 14.04

Description

When errors occur (like the collection server not responding), Picard shows the error in the GUI's status line, including http requests containing username & password in clear text. I regard this as a double security problem:

Firstly, the username and password get shown for everyone to read in the status bar.

Secondly, even with https requests, apparently the username & password get transmitted over the net in clear text, like in the example shown? (https://username:password@musicbrainz.org/ws/2/collection)

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

2016-08-15-picard1.3.2-statusbar.png
13 kB
2016-08-15 10:11 AM

Activity

People

Assignee:

Unassigned

Reporter:

Moonbase

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2016-08-15 10:11 AM

Updated:

2017-01-26 9:12 PM

Resolved:

2017-01-26 8:45 PM