If you discover a security issue in cubrid-cookbook examples, please report it responsibly by emailing:
Email: paikend@gmail.com
Do not open a public GitHub issue for security vulnerabilities. Responsible disclosure allows us to address the issue before public disclosure.
- 48 hours: Initial acknowledgment of your report
- 7 days: Security assessment and initial response with remediation plan
- Ongoing: Regular updates on progress until resolution
A security issue is any vulnerability that could:
- Allow unauthorized access to data
- Permit SQL injection or other code execution attacks
- Expose sensitive information (credentials, tokens, private data)
- Compromise confidentiality, integrity, or availability of the system
Examples include:
- SQL injection vulnerabilities in example code
- Hardcoded credentials in examples
- Insecure configuration patterns
When using cubrid-cookbook examples in production:
- Always use parameterized queries to prevent SQL injection
- Never hardcode credentials — use environment variables
- Keep all dependencies updated to the latest versions
- Follow the principle of least privilege for database credentials
- Use secure connection parameters when connecting to CUBRID databases
Once a security vulnerability is fixed:
- A security patch will be released
- The vulnerability will be disclosed in release notes
- Credit will be given to the reporter (if requested)
We appreciate your responsible disclosure and help in keeping cubrid-cookbook secure.