| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
Please DO NOT report security vulnerabilities publicly.
Instead, please email security@localzet.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt within 24 hours and provide an initial response within 48 hours.
- Always use parameterized queries (prepared statements) for every query - never concatenate user input into SQL text, not even for "trusted" internal values
- Configure connection pooling so that connections, and the session state they carry, are never reused across users with different privilege levels, and keep connection credentials out of source control
- Encrypt sensitive data at rest
- Use strong, unique database passwords and rotate them when staff or deployments change
- Grant the application's database user only the privileges it needs (principle of least privilege) - no DDL or superuser rights for a user that only reads and writes rows
- Regularly update database dependencies
- Monitor database access logs for unexpected queries, failed logins and access from unknown hosts
This component uses Illuminate Database, which protects against SQL injection when it is used as intended:
- The query builder turns every value passed to methods such as `where()`, `insert()` and `update()` into a bound parameter
- Eloquent ORM builds on the same query builder, so model queries use prepared statements as well
- Bound values are sent to the database separately from the SQL text (or escaped by the PDO driver when prepares are emulated), so a value can never change the structure of the query

Binding covers values only. Table and column names cannot be bound, and raw methods (`DB::raw()`, `selectRaw()`, `whereRaw()`, `orderByRaw()`) insert their string argument verbatim, so user input must never reach them except through the bindings array those methods accept.
Example of a safe query beside an unsafe one:

```php
<?php

use Illuminate\Support\Facades\DB;

// ✅ Safe - $email is sent as a bound parameter and cannot alter the SQL structure
DB::table('users')->where('email', $email)->first();

// ❌ Unsafe - never do this: $email is interpolated into the SQL text,
// so an input such as  x' OR '1'='1  rewrites the query itself
DB::select("SELECT * FROM users WHERE email = '$email'");
```
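The following is an added, stand-alone example (not code from the localzet project) that goes one step beyond the snippet above: it runs an attacker-style input through the query builder's bound `where()`, through `whereRaw()` with and without bindings, and through an allow-listed `orderBy()`, showing which paths leak rows. It assumes `illuminate/database` is installed via Composer, uses an in-memory SQLite connection, and the table rows and the `$email` / `$sortInput` values are constructed for the demonstration.

```php
<?php
// Added example, not part of the localzet project. Assumes illuminate/database
// is installed with Composer so vendor/autoload.php exists.
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Database\Capsule\Manager as Capsule;

$capsule = new Capsule();
$capsule->addConnection([
    'driver'   => 'sqlite',
    'database' => ':memory:',   // constructed: nothing touches disk
    'prefix'   => '',
]);
$db = $capsule->getConnection();

// Constructed schema and sample rows.
$db->statement('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)');
$db->table('users')->insert([
    ['email' => 'alice@example.com', 'role' => 'admin'],
    ['email' => 'bob@example.com',   'role' => 'user'],
]);

// Attacker-controlled input, as it might arrive in a request parameter.
$email     = "x' OR '1'='1";
$sortInput = 'role; DROP TABLE users; --';

// 1. Bound value: the builder emits `email = ?` and ships $email separately,
//    so the quote and OR are just characters inside a string. No row matches.
$bound = $db->table('users')->where('email', $email)->count();
echo "where() with binding:        {$bound} row(s)\n";        // 0

// 2. Raw fragment with interpolation: whereRaw() inserts the string verbatim,
//    so the query becomes  email = 'x' OR '1'='1'  and every row matches.
$interpolated = $db->table('users')->whereRaw("email = '$email'")->count();
echo "whereRaw() interpolated:     {$interpolated} row(s)\n"; // 2 (all rows leaked)

// 3. Raw fragment done correctly: keep the value in the bindings array.
$rawBound = $db->table('users')->whereRaw('email = ?', [$email])->count();
echo "whereRaw() with ? binding:   {$rawBound} row(s)\n";     // 0

// 4. Identifiers cannot be bound. Never pass user input to orderBy()/orderByRaw();
//    map it onto an allow-list of known columns and fall back to a safe default.
$allowedSort = ['email' => 'email', 'role' => 'role'];
$sortColumn  = $allowedSort[$sortInput] ?? 'id';
$first = $db->table('users')->orderBy($sortColumn)->value('email');
echo "allow-listed orderBy({$sortColumn}): first row is {$first}\n"; // alice@example.com
```

Run it with `php example.php`. Case 2 is the one to remember: using the query builder is not what makes a query safe, binding is, and the `Raw` methods hand that responsibility back to the caller.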