# Security ### Request security All requests are predefined with a specification of parameters, their expected types and validation methods. This makes for a strong first security layer that blocks anything that doesn't looks like a request our app would expect. ### Injection prevention [SQL injection](https://en.wikipedia.org/wiki/SQL_injection) and [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) attack vectors are monitored from the very moment a user-provided data enters the App, to the moment it is stored on the database. ### CSRF detection Cherrycake implements a [CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) threat detection mechanism automatically integrated into all sensible requests. ### Threat logging and blocking Cherrycake can log all attacks and keep track of suspicious IPs, automatically blacklisting clients that have passed a configured threshold. ### Secure user authentication and session tracking Cherrycake provides a secure user authentication and session tracking mechanisms using modern password encryption and server-based session data storage. ### Scalability Thanks to a thorough [lifecycle](/version-1.x-beta/architecture/lifecycle.md) and its modular structure, Cherrycake allows for the easy implementation of new security mechanisms and the improvement of the existing attack detection routines. We encourage you to contribute your suggestions, ideas and security improvements through the official [GitHub](https://github.com/tin-cat/cherrycake-engine) repository. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cherrycake.tin.cat/version-1.x-beta/architecture/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.