We take the security of Laravel Deployment Scripts project seriously.

If you discover a security vulnerability, please do not open a public issue.

1. Send an email: ismail@usluer.net
2. Provide details:
   • Description of the vulnerability
   • Affected version
   • Steps to reproduce
   • Potential impact
3. Wait for response: We will respond within 48 hours

- Type of security vulnerability
- Affected file/code lines
- Steps to reproduce
- Potential impact assessment
- Suggested fix (if any)

1. ✅ Delete after use

   rm public/install.php
   rm public/update.php

2. ✅ Check install.lock

   • Script runs only once
   • Don't manually delete the lock

3. ✅ Add to .gitignore

   public/*.php
   public/install.lock

4. ✅ Check file permissions

   chmod 644 public/*.php

5. ✅ Use HTTPS

   • Don't run over HTTP
   • Use SSL certificate

6. ✅ Be careful in production

   • Enable maintenance mode
   • Take backups
   • Test in staging environment

# Protect sensitive information
APP_KEY=base64:...
DB_PASSWORD=...

# Debug off in production
APP_DEBUG=false
APP_ENV=production

• ⚠️ Scripts run in public directory
• ✅ Always delete after use
• ✅ Configure web server

# Block deployment scripts
location ~* \.(php)$ {
    if ($request_filename ~* (install|update|clear-cache|refresh-cache)\.php$) {
        return 403;
    }
}

# Block deployment scripts
<FilesMatch "(install|update|clear-cache|refresh-cache)\.php$">
    Require all denied
</FilesMatch>

• 📧 Email: ismail@usluer.net
• 💬 Private disclosure: GitHub Security Advisory

Security researchers who responsibly disclosed vulnerabilities:

• (None yet - be the first!)

• OWASP Top 10
• Laravel Security
• PHP Security Guide

Security is our priority! Thanks for responsible disclosure.