Hi everyone,
a colleague of mine noticed a somewhat strange circumstance and perhaps a security issue concerning the management of credentials for e.g. the “DataCite Export/Registration Plugin”, at least in our instance. (I guess the same applies for Crossref and other plugins under “Tools”.)
I know that these credentials can be journal specific and hence journal managers etc. must have access to the plugin configuration (and they are most likely to know the credentials anyway).
But: We have an OJS 3 instance with several journals and we use the same DataCite credentials for all journals. Now, anyone with permission level “Journal Manager” can see the plugin configuration and while the password is obscured at first sight…
… it’s perfectly readable in plain text when using your ordinary HTML inspection tools.
Perhaps I’m missing something here, but doesn’t that mean we cannot keep those (site-wide) credentials secret from anyone with “just” journal manager permission level?
So my first question would be: Is the way we handle these credentials wrong and, if so, how can we do it properly? Can we modify the “Journal Manager” permission level (or create our own) so as to forbid access to the plugin config?
If this is not an issue with us, however, we’d like to ask if and how this problem could be tackled. Could the privilege system be made more granular in this regard? Or could the plugin(s) provide a mechanism similar to the ORCID plugin, where server administrators can include the credentials in config.inc.php for all journals while hiding the client secret in the web frontend?
I’d be interested in and grateful for your thoughts on this.
Best regards
Dennis
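
The behaviour described in this post can be checked for in any rendered settings form. The following is an added example, not part of the original post and not OJS code: it flags password inputs whose stored value is echoed back into the HTML. The form markup and field names are constructed samples, not actual OJS output.

```python
from html.parser import HTMLParser

# Constructed sample: the stored secret is echoed into the value attribute.
# The browser masks it on screen, but it is plain text in the page source.
WEAK_FORM = """
<form id="settingsForm">
  <input type="text" name="username" value="EXAMPLE.USER">
  <input type="password" name="password" value="constructed-secret">
</form>
"""

# Constructed sample: the secret is never sent back to the client; an empty
# field means "keep the stored value", a typed value replaces it.
HARDENED_FORM = """
<form id="settingsForm">
  <input type="text" name="username" value="EXAMPLE.USER">
  <input type="password" name="password" value="" placeholder="unchanged">
</form>
"""


class SecretEchoFinder(HTMLParser):
    """Collect password inputs that arrive pre-filled from the server."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {name: (value or "") for name, value in attrs}
        if a.get("type", "").lower() == "password" and a.get("value", "").strip():
            # Report field name and length only, so the audit output
            # does not itself disclose the secret.
            self.findings.append((a.get("name", ""), len(a["value"])))


def find_echoed_secrets(html):
    """Return [(field_name, value_length)] for pre-filled password inputs."""
    finder = SecretEchoFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    print("weak:", find_echoed_secrets(WEAK_FORM))
    print("hardened:", find_echoed_secrets(HARDENED_FORM))
```
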