Hello!
I currently use the NC passwords app - works great.
I have a close friend of mine who helped me set up my server. He still has access to it in case things go wrong. He’s also an admin.
He doesn’t have access to my actual nextcloud instance (also have 2fa set up), however, since he is an admin on my RHEL Server, can he see my passwords? As in, wherever the passwords are saved on my server, is he able to see them at all?
Hope that makes sense.
Thanks!
This issue is explained in the f.a.q of the in-app manual: F.A.Q · Wiki · nextcloud / passwords · GitLab :
The second main factor is the administrator of your Nextcloud instance.
Any security issues in Nextcloud, other Nextcloud apps and the server in general is also a security issue for the Passwords app.
So in order to keep your passwords safe, your server administrator has to keep the server safe.
A bad administrator could also manipulate Nextcloud in a way to steal your passwords even when client side encryption is enabled.
You will have to trust your administrator to keep the server safe.
It doesn’t matter if the admin is admin of the Nextcloud or the server. He has access to the database and all code run on the server and trough the website in your browser.
The only safe option to run passwords on a server you don’t trust is using end-to-encryption .
Additionally you should also avoid the webapp and use the browser extension or the smartphone apps to access your passwords. The files of the webapp are stored on the server and could be edited to steal data once it’s decrypted. (We’re working on ideas to reduce this risk)
But in order to enable e2e, you need to use the webapp for the setup. You should verify that the code of the app that is currently on your server matches the code of the release on the appstore. (e.g by comparing hashes for each file). If that’s the case, set up e2e as usual.
You can also try the code integrity check built into NC, but an evil administrator could tamper with this check as this is executed on the server.