Passwords are one-way encrypted, meaning they cannot be reverse engineered to recover the plain-text password. E.g. PlainPass is stored as A*HHJ*6d*75*gb in the database. All data is cleaned and escaped to prevent SQL injection. We use prepared statements for database queries to prevent SQL injection. Session cookies are used to track user activity. These cookies are created with the Secure and HttpOnly flags. We use sessions to track active users and show them only their relevant data. The site has a secure certificate, meaning all data sent between the server and the browser, in either direction, is encrypted. The server has an active hardware firewall which prevents unauthorised access to the server and database.