general

Security Guidelines

General security best practices

Details

Language / Topic
Universal
Category
Security

Rules

balanced
- Validate and sanitize all user inputs from external sources.
- NEVER hardcode secrets (API keys, passwords) in the codebase. Use environment variables.
- Use parameterized queries for all database access — never concatenate user input into SQL, command strings, or template expressions.
- If you detect a hardcoded secret, stop immediately and prompt the user to remove it.
- Use parameterized queries or ORMs to prevent SQL injection.
- Ensure code handles edge cases and failures gracefully, not just the happy path.