@@ -1,4 +1,5 @@
bcrypt passwords
session management using proper random tokens
CSRF protection
input validation to avoid XSS and injection
only allow signup, login ecc over HTTPS
The note is not visible to the blocked user.