On a fresh installation of www/owncloud, I find the DB passowrd issued for connecting to the PostgreSQL server in clear text! On an older installation, there is a hashed version of the password.
This is considered a high security risk!
Is this something that needs to be reported, and (also) fixed upstream, or is it a configuration default that can be improved upon?
Maintainer feedback, please resp. is this still relevant?