Bug 203914

Summary: www/owncloud: DB password unhashed
Product: Ports & Packages Reporter: O. Hartmann <ohartmann>
Component: Individual Port(s)Assignee: Sunpoet Po-Chuan Hsieh <sunpoet>
Status: New ---    
Severity: Affects Many People CC: w.schwarzenfeld
Priority: --- Keywords: needs-qa, security
Version: LatestFlags: bugzilla: maintainer-feedback? (kevlo)
Hardware: Any   
OS: Any   

Description O. Hartmann 2015-10-21 05:33:38 UTC
On a fresh installation of www/owncloud, I find the DB passowrd issued for connecting to the PostgreSQL server in clear text! On an older installation, there is a hashed version of the password.

This is considered a high security risk!
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2015-10-21 05:41:14 UTC
Is this something that needs to be reported, and (also) fixed upstream, or is it a configuration default that can be improved upon?
Comment 2 Rene Ladan freebsd_committer 2018-01-12 11:22:58 UTC
Maintainer reset.
Comment 3 Walter Schwarzenfeld freebsd_triage 2019-09-04 20:24:15 UTC
Maintainer feedback, please resp. is this still relevant?