diff --git a/docker-compose.yml b/docker-compose.yml
index 1b3e2a84..ac2333a9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,9 @@ services:
 redis:
 image: redis:alpine
+ security_opt:
+ - no-new-privileges:true
+ read_only: true
 sqli:
 build:
diff --git a/sqli/dao/student.py b/sqli/dao/student.py
index d41ef885..6f871413 100644
--- a/sqli/dao/student.py
+++ b/sqli/dao/student.py
@@ -2,7 +2,6 @@ from aiopg.connection import Connection
-
 class Student(NamedTuple):
 id: int
 name: str
@@ -14,10 +13,7 @@ def from_raw(cls, raw: tuple):
 @staticmethod
 async def get(conn: Connection, id_: int):
 async with conn.cursor() as cur:
- await cur.execute(
- 'SELECT id, name FROM students WHERE id = %s',
- (id_,),
- )
+ await cur.execute('SELECT id, name FROM students WHERE id = %s', (f"{id_}",))
 r = await cur.fetchone()
 return Student.from_raw(r)
@@ -27,21 +23,19 @@ async def get_many(conn: Connection, limit: Optional[int] = None,
 q = 'SELECT id, name FROM students'
 params = {}
 if limit is not None:
- q += ' LIMIT + %(limit)s '
+ q += ' LIMIT %s '
 params['limit'] = limit
 if offset is not None:
- q += ' OFFSET + %(offset)s '
+ q += ' OFFSET %s '
 params['offset'] = offset
 async with conn.cursor() as cur:
- await cur.execute(q, params)
+ await cur.execute(q, params.values())
 results = await cur.fetchall()
 return [Student.from_raw(r) for r in results]
 @staticmethod
 async def create(conn: Connection, name: str):
 q = ("INSERT INTO students (name) "
- "VALUES ('%(name)s')" % {'name': name})
+ "VALUES (%(name)s)")
 async with conn.cursor() as cur:
- await cur.execute(q)
-
-
+ await cur.execute(q, {'name': name})
diff --git a/sqli/dao/user.py b/sqli/dao/user.py
index c663ddc3..879304d6 100644
--- a/sqli/dao/user.py
+++ b/sqli/dao/user.py
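Review bot: `read_only: true` on the redis service leaves the container with no writable filesystem while, as far as I know, the redis:alpine image still runs with its default RDB snapshotting into /data; once a background save fails, Redis refuses further writes by default (stop-writes-on-bgsave-error), so the service would begin returning MISCONF errors some time after boot rather than at startup. Give it a writable data location, e.g. a `tmpfs:` entry with `- /data` under the redis service or a named volume mounted on `/data`, or disable snapshotting with `command: redis-server --save ""` if persistence is not wanted. The `sqli` service that follows gets no equivalent hardening in this hunk; the rest of the file is outside it.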
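Review bot: In `Student.get`, wrapping `id_` in an f-string sends the id to the server as a string parameter instead of an integer; the previous tuple `(id_,)` was already a bound parameter, so the conversion adds nothing against injection while weakening the type of the value (a non-numeric `id_` now surfaces as a server-side cast error instead of a client-side one). Restore `await cur.execute('SELECT id, name FROM students WHERE id = %s', (id_,))`, which also brings the line back under the file's wrap width used elsewhere in the hunk. The enclosing class continues outside the hunk.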
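Review bot: `await cur.execute(q, params.values())` in `get_many` hands a `dict_values` view to aiopg, and as far as I can tell psycopg2 underneath accepts only a sequence or a mapping for positional placeholders, so the first call with a limit or offset would fail with a TypeError rather than run. The original defect was only the stray `+` inside the placeholders, so the smaller fix keeps the named form and the mapping: `q += ' LIMIT %(limit)s '`, `q += ' OFFSET %(offset)s '` and `await cur.execute(q, params)`. If the positional form is preferred, pass `tuple(params.values())` instead. The `create` change in the same hunk is correct as written.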
@@ -1,41 +1,11 @@
-from hashlib import md5
+from hashlib import scrypt
 from typing import NamedTuple, Optional
 from aiopg import Connection
 class User(NamedTuple):
- id: int
- first_name: str
- middle_name: Optional[str]
- last_name: str
- username: str
- pwd_hash: str
- is_admin: bool
-
- @classmethod
- def from_raw(cls, raw: tuple):
- return cls(*raw) if raw else None
-
- @staticmethod
- async def get(conn: Connection, id_: int):
- async with conn.cursor() as cur:
- await cur.execute(
- 'SELECT id, first_name, middle_name, last_name, '
- 'username, pwd_hash, is_admin FROM users WHERE id = %s',
- (id_,),
- )
- return User.from_raw(await cur.fetchone())
-
- @staticmethod
- async def get_by_username(conn: Connection, username: str):
- async with conn.cursor() as cur:
- await cur.execute(
- 'SELECT id, first_name, middle_name, last_name, '
- 'username, pwd_hash, is_admin FROM users WHERE username = %s',
- (username,),
- )
- return User.from_raw(await cur.fetchone())
+ # ...same code...
 def check_password(self, password: str):
- return self.pwd_hash == md5(password.encode('utf-8')).hexdigest()
+ return scrypt(password.encode('utf-8')).encode(hex=True) == self.pwd_hash
diff --git a/sqli/static/js/materialize.js b/sqli/static/js/materialize.js
index bbd91bea..75454bac 100644
--- a/sqli/static/js/materialize.js
+++ b/sqli/static/js/materialize.js
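Review bot: The new `check_password` cannot run: `hashlib.scrypt` takes `salt`, `n`, `r` and `p` as required keyword arguments and returns bytes, which have no `.encode(hex=True)` (the spelling is `.hex()`), so every login attempt would raise TypeError. A salted KDF also needs the per-user salt and parameters stored alongside the digest, the existing unsalted md5 values in `pwd_hash` cannot be verified by the new code without a migration or a rehash-on-login path, and the comparison should go through `hmac.compare_digest` (needs `import hmac` at the top of the file). Separately, the hunk header (-1,41 +1,11) says the fields, `from_raw`, `get` and `get_by_username` are really deleted and replaced by the `# ...same code...` comment, which leaves `self.pwd_hash` undefined; if that comment is only an elided rendering, the committed file should be checked. One workable shape, assuming the stored value is `<salt_hex>$<digest_hex>` written with the same parameters when the password is set, is below.
```python
def check_password(self, password: str):
    # Stored format assumed: "<salt_hex>$<digest_hex>" — the salt and the
    # scrypt parameters (n=2**14, r=8, p=1) must match what was used when
    # the password was set; confirm against the write path.
    salt_hex, _, digest_hex = self.pwd_hash.partition('$')
    if not salt_hex or not digest_hex:
        return False
    candidate = scrypt(password.encode('utf-8'),
                       salt=bytes.fromhex(salt_hex), n=2**14, r=8, p=1)
    return hmac.compare_digest(candidate.hex(), digest_hex)
```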
@@ -658,7 +658,7 @@ jQuery.Velocity ? console.log("Velocity is already loaded. You may be needlessly } else if ("reverse" === A) { if (!i(o).tweensContainer) return void f.dequeue(o, s.queue);"none" === i(o).opts.display && (i(o).opts.display = "auto"), "hidden" === i(o).opts.visibility && (i(o).opts.visibility = "visible"), i(o).opts.loop = !1, i(o).opts.begin = null, i(o).opts.complete = null, v.easing || delete s.easing, v.duration || delete s.duration, s = f.extend({}, i(o).opts, s);var E = f.extend(!0, {}, i(o).tweensContainer);for (var H in E) { if ("element" !== H) { - var N = E[H].startValue;E[H].startValue = E[H].currentValue = E[H].endValue, E[H].endValue = N, m.isEmptyObject(v) || (E[H].easing = s.easing), b.debug && console.log("reverse tweensContainer (" + H + "): " + JSON.stringify(E[H]), o); + var N = E[H].startValue;E[H].startValue = E[H].currentValue = E[H].endValue, E[H].endValue = N, m.isEmptyObject(v) || (E[H].easing = s.easing), b.debug && console.log("reverse tweensContainer (%s): %j", H, JSON.stringify(E[H], null, 2)), o; } }l = E; } else if ("start" === A) {