diff --git a/nextcloud/hooks/postgres_database-relation-joined b/nextcloud/hooks/postgres_database-relation-joined
index 78340a2f..ff60bb5e 100755
--- a/nextcloud/hooks/postgres_database-relation-joined
+++ b/nextcloud/hooks/postgres_database-relation-joined
@@ -8,7 +8,36 @@ PASSWORD="$(relation-get password)"
 USER="$(relation-get user)"
 DBNAME="$(relation-get dbname)"
 
-config-add "\
+
+## This check adds purely arbitrary limits to what could be a password
+## if we need to open that more, just consider the next script where we'll
+## need to write in a PHP structure, or in YAML structure.
+
+## Note that here, "[]" chars are not accepted just because it doesn't seem evident
+## to test for those in bash.
+if ! [[ "$PASSWORD" =~ ^[a-zA-Z0-9~\`\&+=@\#^\*/\\_%\$:\;\!?.,\<\>{}()\"\'|-]*$ ]]; then
+     err "Invalid password chosen for postgres database."
+     exit 1
+fi
+
+## if config is not existent
+if [ -e "$CONFIGFILE" ] && grep "^  'dbuser' => '" "$CONFIGFILE" >/dev/null; then
+
+    ## 'occ' can't be used as it will try to connect to postgres before running and
+    ## will fail if user/password is not correct
+
+    ## We need to get through bash, and sed interpretation, then PHP single quoted strings.
+    quoted_user="${USER//\\/\\\\\\\\\\}"
+    quoted_user="${quoted_user//\'/\\\\\'}"
+    quoted_password="${PASSWORD//\\/\\\\\\\\\\}"
+    quoted_password="${quoted_password//\'/\\\\\'}"
+    sed -ri "s/^(  'dbuser' => ')(.*)(',)$/\1${quoted_user}\3/g;\
+             s/^(  'dbpassword' => ')(.*)(',)$/\1${quoted_password}\3/g;" "$CONFIGFILE"
+else
+
+    ## These variable are not used by current docker image after first install
+
+    config-add "\
 services:
   $MASTER_BASE_SERVICE_NAME:
     environment:
@@ -17,5 +46,6 @@ services:
       POSTGRES_PASSWORD: $PASSWORD
       POSTGRES_USER: $USER
 "
+fi
 
 info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access."
diff --git a/nextcloud/lib/common b/nextcloud/lib/common
index 3c4a9de0..334b7ddf 100644
--- a/nextcloud/lib/common
+++ b/nextcloud/lib/common
@@ -6,6 +6,11 @@
 PASSWORD_FILE="$SERVICE_CONFIGSTORE/etc/$SERVICE_NAME/pass"
 
 
+## Used to check existence and make direct changes when 'occ' command
+## can't do it properly.
+CONFIGFILE="$SERVICE_CONFIGSTORE/var/www/html/config/config.php"
+
+
 has_user() {
     local user="$1"
     if ! out=$(occ user:info "$user"); then
@@ -107,7 +112,7 @@ occ() {
     ## supposed to exist). For that we need to make sure nextcloud have
     ## be ran and setup prior to running this next command.
     export COMPOSE_IGNORE_ORPHANS=true
-    compose --debug -q --no-init --no-relations run \
+    compose --debug -q --no-init --without-relation="$SERVICE_NAME":web-proxy run \
            "${occ_docker_run_opts[@]}" \
             -v "$HOST_CHARM_STORE/${CHARM_REL_PATH#${CHARM_STORE}/}/src/occ.batch:/var/www/html/occ.batch" \
             -T --rm -u www-data "$SERVICE_NAME" /var/www/html/occ.batch "$@" | cat