Suppose we have compromised config.php.
It’s obvious that following fields must be changed\regenerated:
- passwordsalt
- secret
- dbpassword
- mail_smtppassword (if used)
Isinstanceid
a confidential information?
What is the proper way of regeneratingpasswordsalt
andsecret
(andinstanceid
if needed) (db and mail passwords are pretty obvious) — which length it should be, what should be done after regeneration?
It seems doesn’t matter but still:
Nextcloud 12
Debian stretch
Lighttpd 1.4.45
PHP (using php-fpm) 7.0.19
PostgreSQL 9.6.3