Security question: is it possible to access passwords from the hosting files / database without knowing the password?

I have the following question just to understand how secure I can be:

If someone can access my server files, where Nextcloud and the Passwords app are installed, and wants access to my passwords, would they be able to get it by editing the database or the config files?

Usually whoever has server access is able to disable or change the passwords.
Maybe they can change my Nextcloud email and ask for a password reset; this would allow them to log in to the web app.

I set up end-to-end encryption for Passwords, so the passphrase is requested every time. Will that be my protection in case someone is able to log in to Nextcloud?

Is there no way to disable the passphrase request to access passwords? If there is a way, will the passwords be unreadable because they are encrypted?

This is just to understand whether someone who has hosting access would be able to access passwords without authorization.

And… another question: are all fields encrypted, the notes in the passwords too?
All fields?

Thank you!

Here is the F.A.Q on security from the wiki

Here are the different encryption methods explained

The app has two different options: server-side encryption, which is weaker, and End-to-End encryption, which is stronger.

End-to-End encryption will encrypt all passwords with the encryption passphrase which you will have to enter every time you open the app. Without it, it will not be possible to decrypt the passwords.

The app is the most secure if you enable End-to-End encryption and then only use the apps & browser extensions to access it.

If you use the web interface of the app in Nextcloud, an attacker that has compromised your server without your knowledge could embed a keylogger into the website and steal your E2E encryption passphrase.

Thanks for the info. Are notes encrypted as well or not?
Are custom secret fields encrypted like passwords?

Yes, the app encrypts all relevant fields for passwords, folders and tags. So also the name, website, notes, custom fields etc.