CrossRef XML Export Plugin - password security

Hi, I would like to automate the registration of DOIs directly with CrossRef by providing username and password into the plugin config.
But then I see this warning: “Please note that the password will be saved as plain text, i.e. not encrypted.”
How insecure is that?
Is it a better practice to manually upload XML to the CrossRef site instead?
I’m using OJS 3.1.2


Hi @GabeLon,

I’ve consulted with some of my colleagues and he said the following:

What this message is really saying is that to safely enter the password here, you must trust: 1) others with the same permissions as you to manage the plugin, 2) filesystem administrators, 3) your database administrator and database backups. Anyone with permissions to manage the plugin, view the OJS plugin cache files, view the database, export the database, or see the database export unencrypted in transit to an offsite location will have the ability to see this password. With a secure server and backup configuration, this password is safe.

I hope this explanation helps - if not, please let me know, and I can follow up further.

PKP Team

Thank you @rcgillis. That was exactly what I needed to know!
Best regards.

And, just to note as well:

This is an issue that affects all of the export plugins that automatically deposit to a third-party service. There’s an issue filed here: Prevent journal managers from viewing DataCite credentials · Issue #6869 · pkp/pkp-lib · GitHub

PKP Team

