<![CDATA[Monica key and salt]]>In /app/data/env
HASH_SALT is ChangeMeBy20+KeyLength

Is this of any security concern?

Also, on a Monica instance upgraded from earlier versions, the APP_KEY also appeared to be an unchanged default. I've since reinstalled the app.

Thanks 🙂

]]>https://forum.cloudron.io/topic/1428/monica-key-and-saltRSS for NodeSat, 18 Apr 2026 19:23:30 GMTThu, 09 Aug 2018 03:05:09 GMT60<![CDATA[Reply to Monica key and salt on Sun, 12 Aug 2018 19:27:14 GMT]]>https://github.com/monicahq/monica/issues/381 is the security concern.

Using the ID can allow people to get a very good sense of how many users are on the system and the amount of contacts. It also is information leakage because I know all the URLs for every contact.

I think using a hashid based on the contact id, the user creating it and maybe another factor would work great.
]]>https://forum.cloudron.io/post/2062https://forum.cloudron.io/post/2062Sun, 12 Aug 2018 19:27:14 GMT<![CDATA[Reply to Monica key and salt on Thu, 09 Aug 2018 06:43:40 GMT]]>The HASH_SALT does look a bit concerning, have to look into this.
The APP_KEY is now generated on first startup and thus unique to your installation. If you want to recreate it, you have to run php artisan db:seed --class ActivityTypesTableSeeder --force from within a terminal into the app (You can get this through the Cloudron dashbaord) However I don't think this is required, given that it is unique to your instance already.

]]>https://forum.cloudron.io/post/2045https://forum.cloudron.io/post/2045Thu, 09 Aug 2018 06:43:40 GMT