Closed
Bug 759021
Opened 12 years ago
Closed 12 years ago
Let consumer require PIN for purchases from marketplace
Categories
(Marketplace Graveyard :: Payments/Refunds, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: rforbes, Unassigned)
References
()
Details
if a users browserid is cached a PIN must be required for purchases from the marketplace.
|
||
Comment 1•12 years ago
|
||
Is there a way to tell if the browserid is cached?
|
||
Comment 2•12 years ago
|
||
(In reply to Andy McKay [:andym] from comment #1) > Is there a way to tell if the browserid is cached? I'm interpreting 'cached' as the user was already logged in to browserid when they went to pay (we will get an assertion back from the service).
|
||
Comment 3•12 years ago
|
||
FYI that spec that's being discussed for this is in https://wiki.mozilla.org/Marketplace/Features/Purchase_PIN As proposed we'd be encrypting keys using the PIN so for users that opt in we would always need their PIN, regardless of browserid state.
|
|
||
Comment 4•12 years ago
|
||
is a PIN still required? Some email threads lately suggest otherwise.
|
Reporter | |
Comment 5•12 years ago
|
||
the PIN is a required feature but it is optional for the user to enable. if that makes sense.
|
|
||
Comment 6•12 years ago
|
||
(In reply to Raymond Forbes[:rforbes] from comment #5) > the PIN is a required feature but it is optional for the user to enable. if > that makes sense. ok, that's what I thought too. I clarified the description here
Summary: Require PIN for purchases from marketplace → Let consumer require PIN for purchases from marketplace
|
||
Comment 7•12 years ago
|
||
P3 for this milestone, thanks andym
Severity: blocker → normal
Priority: P1 → P3
|
|
||
Comment 8•12 years ago
|
||
(In reply to Justin Scott [:fligtar] from comment #3) > As proposed we'd be encrypting keys using the PIN so for users that opt in > we would always need their PIN, regardless of browserid state. The PIN (for PayPal at least) is stored on the PayPal server. We never see it and can't use it for any encryption.
|
|
||
Comment 9•12 years ago
|
||
Sorry, I misunderstood. This isn't the PayPal PIN, but our own marketplace PIN that would allow us to encrypt / decrypt any user data. I'll remove the relevant bugs and rewrite them.
|
|
Reporter | |
Comment 10•12 years ago
|
||
This PIN will no longer be used for encryption/decryption of user data. This is purely to gate purchases.
|
|
||
Comment 11•12 years ago
|
||
For now at least, as per payment spec "The purchasing PIN previously planned for Marketplace is on hold."
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•