Re: [Rhythmbox-devel] Cover Art and Credit Card Safety

[Adam Zimmerman <adam_zimmerman sfu ca>]

On Wed, 2008-08-06 at 23:37 +0200, Maximilian Schwerin wrote:
> 2) I tried to find a word about how credit card data is handled when buying from 
> magnatune via rhythmbox. I guess you do all you can to make this safe but I do 
> believe this subject justifies a BIG section in the help files and the FAQ on 
> your webpage explaining what you do to keep the data safe. Not knowing anything 
> about the way you handle the data is a reason not to use it for me...

At the moment, credit card data isn't stored at all. You have to
re-enter it every time you make a purchase. Basically, the only way I'd
be comfortable storing CC info is in the gnome keyring, and when I last
tried to implement it there were problems with the python bindings. That
was a while ago, so if I get some free time this year I might try again.

The method used to actually send the data to Magnatune is in the URL of
an SSL-secured HTTP request, so the data is protected (assuming gnomeVFS
actually verifies the SSL certificate from the remote server). That's
the only way Magnatune supports getting CC info from external clients
(well, there is *unsecured* HTTP, but I'm not going to use that :), so
it's not going to change.

--
Adam Zimmerman <adam_zimmerman sfu ca>

CREATIVITY  - http://mirrors.creativecommons.org/movingimages/Building_on_the_Past.mpg
ALWAYS      - http://www.musiccreators.ca/
BUILDS      - http://www.ubuntu.com/
ON THE PAST - http://www.theopencd.org/
--

You will always get the greatest recognition for the job you least like.