User Entered, Save in Session authentication for external storage

We have been investigating Nextcloud for a couple of months and have some concerns over a particular security threat where the credentials (whether username and password, OAuth tokens, etc) are recorded and stored into the database associated with our Nextcloud installation.

In our environment (Higher Education Research), we especially like the capabilities of allowing a user to be able to connect to a range of different storage back-ends with the ability to move and consolidate data between the different sources (think of researchers with data in several locations and wanting to bring it together into one place). However, we definitely do not want to be storing a user’s individual credentials for their external storage connections. The user’s individual credentials for different external storage locations will differ for each storage connection, so we cannot use the “Log-in credentials, Save in Session”.

Is there a way to enable users to define external storage mounts and access them as needed through the browser or sync clients without needing to store credentials in the Nextcloud database?

What would be your preferred solution, to save encrypted credentials (e.g. with the user password) so that they are accessible during a session? Or ask the user on each login for the credentials?

This is a good question for @LukasReschke

At the moment this is not possible. As a remark, doing so would be possible but has a drawback: basically, once we don’t store the passwords, sharing from a storage wouldn’t work anymore (which might be completely ok for your use-case though).

What would be a technical possibility to implement is an additional authentication mode similar to “User entered, stored in database” (which encrypts the credentials with the secret in your config file). The difference would basically be that the new mode would encrypt the credentials with a secret belonging to the user (and not accessible to an admin). That way, from a security PoV, the same conditions are required for an administrator to intercept a password as if it were stored within our sessions.

Considering your environment you may also want to consider a Support Subscription as available at https://nextcloud.com/enterprise/. These do grant you direct access to our engineering team for questions, SLAs as well as the ability to influence the roadmap.

I’d also recommend you to file a feature request at https://github.com/nextcloud/server describing the use-case.

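An added illustration of the mode proposed above, written for this thread and not taken from Nextcloud's code: the external-storage credentials are wrapped with a key derived from the user's own login password (a hypothetical `derive_user_key`, salted independently of the password hash the server keeps), so the record in the database can only be opened during that user's session. The instance `secret` from config.php cannot open it, which is also why server-side sharing from such a mount stops working.

```python
import hashlib
import hmac
import json
import os

# Illustrative authenticated encryption built from HMAC-SHA256 in counter
# mode plus an encrypt-then-MAC tag, so the example runs with the standard
# library alone. A real implementation would use AES-GCM from a vetted library.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def derive_user_key(login_password: str, salt: bytes) -> bytes:
    """Per-user wrapping key (64 bytes: 32 for encryption, 32 for the MAC).
    It exists only while the user's password is available, i.e. at login,
    and would live in the session store, never in the database."""
    return hashlib.scrypt(login_password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)


def wrap_credentials(login_password: str, credentials: dict) -> dict:
    """Produce the database record for a user-entered external-storage credential."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_user_key(login_password, salt)
    enc_key, mac_key = key[:32], key[32:]
    plaintext = json.dumps(credentials).encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def unwrap_credentials(login_password: str, record: dict):
    """Recover the credentials at login; None if the key is wrong (e.g. an admin
    trying the instance secret) or the stored record was modified."""
    salt, nonce = bytes.fromhex(record["salt"]), bytes.fromhex(record["nonce"])
    ciphertext, tag = bytes.fromhex(record["ciphertext"]), bytes.fromhex(record["tag"])
    key = derive_user_key(login_password, salt)
    enc_key, mac_key = key[:32], key[32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)
```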

@tflidd @LukasReschke Thanks both for your comments, this would be an improvement on the security of the credentials, acknowledging that it prevents the sharing capabilities, which were viewed as being useful for our use cases. I will confirm with the team here on the preferred approach and reply again shortly.