OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki

PKP Support

Support forums for the Public Knowledge Project

Skip to content


Software Hosting and Development Services available at PKP Publishing Services

As the developers of Open Journal Systems, Open Conference Systems, Open Harvester Systems, and Open Monograph Press, the PKP team are experts in helping journal managers and conference organizers make the most of their online publishing projects. PKP Publishing Services offers support for:

As a customer of PKP Publishing Services, you will not only receive direct, personalized support from the PKP Development Team, but will be contributing to the ongoing development of the PKP applications. All funds raised by PKP Publishing Services go directly toward enhancing our free, open source software. For more information, please contact us.

Do not email back passwords

OJS development discussion, enhancement requests, third-party patches and plug-ins.

Moderators: jmacgreg, michael, jheckman, barbarah, btbell, bdgregg, asmecher

Forum rules
Developer Resources:

Documentation: The OJS Technical Reference and the OJS API Reference are both available from the OJS Documentation page.

Git: You can access our public Git Repository here. Comprehensive Git usage instructions are available on the wiki.

Bugzilla: You can access our Bugzilla report tracker here.

Search: You can use our Google Custom Search to search across our main website, the support forum, and Bugzilla.

Questions and discussion are welcome, but if you have a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a technical support question, try the OJS Technical Support subforum.
Post a reply

Do not email back passwords

Postby dpleibovitz » Wed May 12, 2010 7:32 am

I just registered as a new user for an OJS based journal
http://ejournals.library.ualberta.ca/in ... complicity
and received a confirmation email containing my password.

1) I do not think that passwords (unless temporary) should ever be emailed to anyone. They could be reset.
2) Ideally, they should not even be stored in the clear. They could stored after a one-way hash. This email is only about 1)

For 1), a simple desktop query on 'password' could reveal all in the clear passwords available, including those in emails. People often re-use passwords, and this makes it easy to find and use other people's account. It is much easier for developers of any system to simply never email passwords. Please update the software to at least not include the password in any confirmation (or other) emails.

Thanks

PS. I have to manually edit the received email to delete that portion. Not all email clients allow one to do so.
dpleibovitz
 
Posts: 1
Joined: Wed May 12, 2010 7:20 am
Top

Re: Do not email back passwords

Postby asmecher » Wed May 12, 2010 9:30 am

Hi dpleibovitz,

Passwords are stored using a one-way hash. By default, passwords are sent upon registration and a temporary password is sent upon password reset; if you wish to remove the password from registration emails, you can use the "Prepared Emails" tool to remove that variable.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 5768
Joined: Wed Aug 10, 2005 12:56 pm
Top
Post a reply

Return to OJS Development

Who is online

Users browsing this forum: No registered users and 2 guests

Powered by phpBB® Forum Software © phpBB Group