diff --git a/src/api/account/handlers.rs b/src/api/account/handlers.rs
index 475d80b..6eefb40 100644
--- a/src/api/account/handlers.rs
+++ b/src/api/account/handlers.rs
@@ -1,6 +1,7 @@
 use crate::{
 accounts::Account,
 api::account::data,
+ security::{is_sql_injection, AlphaExt},
 tokens::{AuthToken, VerificationToken},
 };
 use anyhow::Result;
@@ -8,23 +9,6 @@ use log::info;
 use mail_send::{mail_builder::MessageBuilder, SmtpClientBuilder};
 use sqlx::PgPool;
 
-fn is_sql_injection(string: &String) -> bool {
- match libinjection::sqli(string) {
- Some((is_injection, _)) => is_injection,
- None => true, // this could be a false positive, but that would be better than an SQLi
- }
-}
-
-trait AlphaExt {
- fn is_alpha(&self) -> bool;
-}
-
-impl AlphaExt for String {
- fn is_alpha(&self) -> bool {
- self.chars().all(|c| c.is_alphanumeric())
- }
-}
-
 pub async fn register(
 pool: &PgPool,
 request: data::RegisterRequest,
diff --git a/src/main.rs b/src/main.rs
index 63dcebb..0e70afa 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,6 @@
 mod accounts;
 mod api;
+mod security;
 mod tokens;
 
 use anyhow::Result;
diff --git a/src/security.rs b/src/security.rs
new file mode 100644
index 0000000..a729e9a
--- /dev/null
+++ b/src/security.rs
@@ -0,0 +1,16 @@
+pub fn is_sql_injection(string: &String) -> bool {
+ match libinjection::sqli(string) {
+ Some((is_injection, _)) => is_injection,
+ None => true, // this could be a false positive, but that would be better than an SQLi
+ }
+}
+
+pub trait AlphaExt {
+ fn is_alpha(&self) -> bool;
+}
+
+impl AlphaExt for String {
+ fn is_alpha(&self) -> bool {
+ self.chars().all(|c| c.is_alphanumeric())
+ }
+}
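Review bot: `is_alpha` in the new `src/security.rs` accepts more than its name promises: `char::is_alphanumeric` is Unicode-aware and also passes digits, and `all` over an empty iterator returns true, so an empty `String` and non-ASCII look-alike characters both validate. If the callers in `handlers.rs` (not visible in this diff) rely on it to constrain usernames or similar identifiers, consider `!self.is_empty() && self.chars().all(|c| c.is_ascii_alphanumeric())`, plus a `///` comment stating the accepted alphabet now that the trait is `pub`. Separately, `is_sql_injection` is a libinjection heuristic. It fails closed on `None`, which is the right default, but its doc comment should say it is defence in depth alongside sqlx bind parameters rather than a substitute for them. Taking `string: &str` instead of `&String` would also let callers pass borrowed slices without changing existing call sites.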