Software Hosting and Development Services available at PKP Publishing Services
As the developers of Open Journal Systems, Open Conference Systems, Open Harvester Systems, and Open Monograph Press, the PKP team are experts in helping journal managers and conference organizers make the most of their online publishing projects. PKP Publishing Services offers support for:
As a customer of PKP Publishing Services, you will not only receive direct, personalized support from the PKP Development Team, but will be contributing to the ongoing development of the PKP applications. All funds raised by PKP Publishing Services go directly toward enhancing our free, open source software. For more information, please contact us.
OJS development discussion, enhancement requests, third-party patches and plug-ins.
Moderators: jmacgreg, michael, jheckman, barbarah, btbell, bdgregg, asmecher
Forum rules
Developer Resources:Documentation: The
OJS Technical Reference and the OJS
API Reference are both available from the
OJS Documentation page.
Git: You can access our public Git Repository
here. Comprehensive Git usage instructions are available on the
wiki.
Bugzilla: You can access our Bugzilla report tracker
here.
Search: You can use our
Google Custom Search to search across our main website, the support forum, and Bugzilla.
Questions and discussion are welcome, but if you have a workflow or usability question you should probably post to the
OJS Editorial Support and Discussion subforum; if you have a technical support question, try the
OJS Technical Support subforum.
by ushasharma84 » Sun Aug 29, 2010 11:47 pm
We have a security issue regarding Reviewer Registartion. We have enabled the Reviewer Registration Option in Journal Setup as we want to populate reviwer database with more and more potential reviwers .
Now the problem is if anybody knows reviewers Email Id and he enrolles a person using his information and Email-id as Reviwer Then he can access his account as he will be knowing his password. Now can password option be omitted from regsitration and password will be generated randomly which will be available with email as in case of batch import and send me a notification in email should be mandatory. Can it be considered as Feature request or can u give us some pointers on this as we want it to implement as soon as possible.
Thanks in advance
-
ushasharma84
-
- Posts: 108
- Joined: Wed Mar 31, 2010 11:58 pm
- Location: delhi
by jmacgreg » Mon Aug 30, 2010 4:04 pm
Hi ushasharma84,
Am I right in understanding that you are basically worried about a malicious user impersonating another unregistered possible by registering with their email address? I haven't heard of this happening before, although of course as you point out there's nothing to stop it from happening. I think that a) making it so that a confirmation email is sent out that must be checked as part of the registration process; and b) sending a new user notification email to the journal's primary contact or Journal Manager are two decent feature requests, but I want to make sure I'm understanding the problem correctly before processing them.
Cheers,
James
-
jmacgreg
-
- Posts: 4153
- Joined: Tue Feb 14, 2006 10:50 am
-
by ams.jour » Mon Aug 30, 2010 10:46 pm
We faced the same problem by malicious user so we closed the reviewer's self registration.
But I also feel that password supply through e-mail is the best option at the time of registration.
-AMS
-
ams.jour
-
- Posts: 19
- Joined: Sun Jun 29, 2008 10:57 pm
by ushasharma84 » Wed Sep 01, 2010 12:09 am
Hi James
You got it right and according to me generating random password and sending it through Email is right option to prevent malicious users.
-
ushasharma84
-
- Posts: 108
- Joined: Wed Mar 31, 2010 11:58 pm
- Location: delhi
by jaik_70 » Sat Mar 05, 2011 9:59 pm
Hi
My OJS have User registrartion with CAPTCHA.
Rcecently, I observed that some users register at my OJS with fake email id.
This happen because in present system of OJS give instant access just after the register with athentication of e-mail id.
It will be useful and secure if OJS send first authentical to the new user the allow the access.
-JAIK
-
jaik_70
-
- Posts: 41
- Joined: Tue Jun 02, 2009 5:49 am
Return to OJS Development
Who is online
Users browsing this forum: No registered users and 1 guest
