As a Journal Manager, I need to be sure that the application uses available security measures, in order to ensure safeguarding of secrets and personal data.
The DNB Hotfolder plugin currently stores credentials as plain text.
It is suggested to use common hashing algorithms like Argon2id or bcrypt to obfuscate the secret, or to encrypt it using a hash and, in OJS 3.5, the app secret.
Passwords should never be stored in plain text. Instead, they must be protected using strong, slow hashing algorithms such as Argon2id, bcrypt, or PBKDF2. A unique salt must be added to each password to prevent attackers from using precomputed lookup tables like rainbow tables. Fast hashing algorithms such as SHA‑256 are not suitable for password storage because they allow attackers to perform large numbers of guesses quickly. Using slow, memory‑hard algorithms makes brute‑force attacks significantly more difficult, expensive, and time‑consuming.
Password Storage - OWASP Cheat Sheet Series
Possibly the PKP/OJS ecosystem already offers a shared common pattern to implement this requirement.