Latest blog posts
Martin Eve
2024 April 03

Testing times

One of the challenges that we face in Labs and Research at Crossref is that, as we prototype various tools, we need the community to be able to test them. Often, this involves asking for deposit to a different endpoint or changing the way that a platform works to incorporate a prototype. The problem is that our community is hugely varied in its technical capacity and level of ability when it comes to modifying their platform.

...Find out more
Joe Wass
2024 March 18

Mending Chesterton's Fence: Open Source Decision-making

When each line of code is written it is surrounded by a sea of context: who in the community this is for, what problem we’re trying to solve, what technical assumptions we’re making, what we already tried but didn’t work, how much coffee we’ve had today. All of these have an effect on the software we write. By the time the next person looks at that code, some of that context will have evaporated.

...Find out more
Martin Eve
2024 March 15

Credential Checking at Crossref

It turns out that one of the things that is really difficult at Crossref is checking whether a set of Crossref credentials has permission to act on a specific DOI prefix. This is the result of many legacy systems storing various mappings in various different software components, from our Content System through to our CRM. To this end, I wrote a basic application, credcheck, that will allow you to test a Crossref credential against an API.

...Find out more
Patrick Polischuk
2024 March 13

Subject codes, incomplete and unreliable, have got to go

Subject classifications have been available via the REST API for many years but have not been complete or reliable from the start and will soon be deprecated. dfdfd The subject metadata element was born out of a Labs experiment intended to enrich the metadata returned via Crossref Metadata Search with All Subject Journal Classification codes from Scopus. This feature was developed when the REST API was still fairly new, and we now recognize that the initial implementation worked its way into the service prematurely.

...Find out more
  • Menu
search

Blog

Accidental release of internal passwords, & API tokens for the Crossref system

Geoffrey Bilder

Geoffrey Bilder – 2019 October 04

In CodeTechnologyCrossref SystemGitlab

TL;DR On Wednesday, October 2nd, 2019 we discovered that we had accidentally pushed the main Crossref system as part of a docker image into a developer’s account on Docker Hub. The binaries and configuration files that made up the docker image included embedded passwords and API tokens that could have been used to compromise our systems and infrastructure. When we discovered this, we immediately secured the repo, changed all the passwords and secrets, and redeployed the system code.

A fairer approach to waiting for deposits

Chuck Koscher

Chuck Koscher – 2016 July 20

In Content RegistrationCrossref SystemMetadataNews Release

If you ever see me in the checkout line at some store do not ever get in the line I’m in. It is always the absolute slowest. Crossref’s metadata system has a sort of checkout line, when members send in their data they got processed essentially in a first come first served basis. It’s called the deposit queue. We had controls to prevent anyone from monopolizing the queue and ways to jump forward in the queue but our primary goal was to give everyone a fair shot at getting processed as soon as possible.

RSS Feed

Recent Posts

Testing times

2024 April 03

Mending Chesterton's Fence: Open Source Decision-making

2024 March 18

Credential Checking at Crossref

2024 March 15

Subject codes, incomplete and unreliable, have got to go

2024 March 13

Categories

Archives