Hi,
I’m a new Nextcloud user and I’m definitely not an expert for encryption, but I’ve just encountered the following issue and I couldn’t find any other thread where it has been discussed:
When setting up an SMTP server in the NC settings for password reset emails, welcome emails, notification emails etc. at yourcloud/index.php/settings/admin, I figuered that all that SMTP access information is stored in the config.php file of the Nextcloud in plaintext, including the password for the SMTP server if the server requires authentification (in my case it does).
So for my understanding this means that everyone who has or gains access to the config file will be able to read this password.
I planned to use my private email address (like I guess most private users do) but I really feel uncomfortable storing my email password as plain text in the config file. Of course I could use a workaround by setting up an email address to be used only for those notificationn emails.
But I rather feel, there shouldn’t be any passwords stored as plain text in the config file.
Is there a way to do this? Or is my understanding of the safety of the config file wrong?
Or should this issue be addressed?
Nextcloud version: 18.0.4
PHP version: 7.2.24