PKP Bugzilla – Bug 2510
Address email privacy/security concerns
Last modified: 2007-07-30 12:09:46 PDT
We are moving to Git Issues for bug tracking in future releases. During transition, content will be in both tools. If you'd like to file a new bug, please create an issue.
1. Authors may be concerned that they are exposing their email addresses when registering and submitting online.
a) Add a link from the registration form to 2.3 Privacy Statement, where the email policy can be provided by the JM.
b) Hide the author's email address when sending messages from the Reading Tools.
2. Someone may at some point attempt to use OJS as a mail relay. This would not work very well, but just in case:
a) Implement a check to ensure that a single user account isn't sending out emails at too great a rate, i.e. one per thirty seconds
b) Perhaps also implement a check on the maximum number of recipients for users below a certain access level?
1a: The privacy statement is already included on the bottom of the registration form.
a) Added link to bottom of page beside email field (otherwise privacy statement can be overlooked)
b) Author email address now hidden. Should no longer be visible to readers anywhere in the system.
Created attachment 247 [details]
Patch against pre-2.2 CVS
Implemented remaining points. Time between emails (for non-priveleged users) and maximum number of recipients configured in config.inc.php.