Security Policy
Vulnerability Disclosure Policy
This site welcomes responsible disclosure of security vulnerabilities.
If you discover a security issue, please contact me:
Contact: dragonrster@foxmail.com
PGP Key: Available upon request for encrypted communication.
Principles
Do not exploit vulnerabilities to cause damage, modify data, or disrupt service availability.
Do not publicly disclose vulnerability details until we confirm the fix is complete.
Allow reasonable time for remediation (typically 30-90 days, depending on severity).
Provide sufficient detail for us to reproduce and fix the issue.
Scope
This policy covers the following assets:
www.dragonrster.cn — Main site and all sub-pages
web_server.py — Custom HTTP server
cgi-bin/ — All CGI scripts (guestbook, editor, search, toolbox, stats)
Out of Scope
Third-party services (moe.dragonrster.cn counter, Neocities badges, etc.)
Subdomain takeover of expired domains
Social engineering attacks
DoS/DDoS attacks
Acknowledgments
Confirmed and fixed vulnerabilities will be acknowledged on this page
(unless you prefer to remain anonymous). No external vulnerability
reports have been received yet — you could be the first!