Nextcloud version 16.0.5.1:
Operating system and version: nextcloudpi
Apache or nginx version (can't find out)
PHP version: PHP 7.2.24
The issue you are facing:
Is this the first time you've seen this error? : N
Steps to replicate it:
- nextcloudpi address on port:4443
- click on nextcloud configuration gear icon
- look at the results
When looking at the nextcloud configuration screen, down at the info related to the email, the password is in clear text.
That email and password are exposed!
Is it normal behavior or some configuration issue?
In my opinion, the password should not be in clear text for security reasons.
What am I doing wrong, and how can I make sure that the password is not visible to anyone who administers the nextcloudpi?
kind regards,
Kattivius
hey @kattivius
passwords are stored on your machine in clear text (config.php). so it's gonna be presented to YOU on YOUR screen in cleartext as well.
and if you would mark the following: if you're surfing to your ncp-webgui it will always ask you for a user and password. so you better make sure that it's only you who's knowing about this webui-user and its password. and if it's only you then it wouldn't matter that the pw is shown in clear text (you already know it yourself)
Thanks for your answer @JummyKarter,
would this not be an issue in the event of a system hacking? (unauthorized access)
Of course no problem if I am accessing it.
More worried in the event of an unlucky unauthorized access.
PS
Please don't get me wrong. If this is how it is, I will live with it.
If there is a solution to secure that part as well, I would.
Kattivius
i was wondering about finding passwords in cleartext on my instance as well… but i never found anyone complaining about it.
maybe there's no other way possible.
and
if a hacker has got him/herself into your system s/he can do whatever they want. they won't need no passwords, then as they are inside your system, though.
Ok, Understood.
about this is perfectly true… with the exception that they would also gain access to my external mail address (not hosted in nextcloud) since also that user name and password is exposed.
Maybe I have to research for a different and secure way to send emails to users without using my "personal" mail account from a different ISP.
Thanks for all the responses JimmyKarter
Kattivius