diff --git a/server/src/app/__pycache__/faker_seed.cpython-311.pyc b/server/src/app/__pycache__/faker_seed.cpython-311.pyc
index 491ccd6..52bef4a 100644
Binary files a/server/src/app/__pycache__/faker_seed.cpython-311.pyc and b/server/src/app/__pycache__/faker_seed.cpython-311.pyc differ
diff --git a/server/src/app/api/v1/__pycache__/knowledges.cpython-311.pyc b/server/src/app/api/v1/__pycache__/knowledges.cpython-311.pyc
index f1ca81d..d9d22c3 100644
Binary files a/server/src/app/api/v1/__pycache__/knowledges.cpython-311.pyc and b/server/src/app/api/v1/__pycache__/knowledges.cpython-311.pyc differ
diff --git a/server/src/app/api/v1/__pycache__/metrics.cpython-311.pyc b/server/src/app/api/v1/__pycache__/metrics.cpython-311.pyc
index ac7232b..f4a966e 100644
Binary files a/server/src/app/api/v1/__pycache__/metrics.cpython-311.pyc and b/server/src/app/api/v1/__pycache__/metrics.cpython-311.pyc differ
diff --git a/server/src/app/api/v1/__pycache__/users.cpython-311.pyc b/server/src/app/api/v1/__pycache__/users.cpython-311.pyc
index 7584b8b..59bbe23 100644
Binary files a/server/src/app/api/v1/__pycache__/users.cpython-311.pyc and b/server/src/app/api/v1/__pycache__/users.cpython-311.pyc differ
diff --git a/server/src/app/api/v1/knowledges.py b/server/src/app/api/v1/knowledges.py
index eb7d4d5..4efbe11 100644
--- a/server/src/app/api/v1/knowledges.py
+++ b/server/src/app/api/v1/knowledges.py
@@ -4,8 +4,8 @@ from fastapi import APIRouter from src.app.models.knowledge import Knowledge from src.app.models.question import Question -from src.app.crud.crud_knowledges import create_knowledge, read_knowledges, read_knowledge, update_knowledge, delete_knowledge -from src.app.crud.crud_questions import read_questions as read_questions_crud, create_question +from src.app.data.knowledge import create_knowledge, read_knowledges, read_knowledge, update_knowledge, delete_knowledge +from src.app.data.question import read_questions as read_questions_crud, create_question from src.app.services.language_generation import questions_generation diff --git a/server/src/app/api/v1/metrics.py b/server/src/app/api/v1/metrics.py index 58c8c02..e1127b7 100644 --- a/server/src/app/api/v1/metrics.py +++ b/server/src/app/api/v1/metrics.py @@ -1,7 +1,7 @@ from fastapi import APIRouter from src.app.models.metric import Metric -from src.app.crud.crud_metrics import create_metric +from src.app.data.metric import create_metric router = APIRouter(tags=["metrics"]) diff --git a/server/src/app/api/v1/users.py b/server/src/app/api/v1/users.py index d5e6252..eb64c49 100644 --- a/server/src/app/api/v1/users.py +++ b/server/src/app/api/v1/users.py @@ -5,7 +5,7 @@ from fastapi.security import OAuth2PasswordRequestForm, OAuth2PasswordBearer from datetime import timedelta from src.app.models.user import User -from src.app.crud.crud_user import create_user +from src.app.data.user import create_user from src.app.services.auth import get_current_user, authenticate_user, create_access_token, hash_password, Token router = APIRouter(tags=["users"]) 
diff --git a/server/src/app/crud/__pycache__/crud_knowledges.cpython-311.pyc b/server/src/app/data/__pycache__/crud_knowledges.cpython-311.pyc
similarity index 95%
rename from server/src/app/crud/__pycache__/crud_knowledges.cpython-311.pyc
rename to server/src/app/data/__pycache__/crud_knowledges.cpython-311.pyc
index 955b230..406fc40 100644
Binary files a/server/src/app/crud/__pycache__/crud_knowledges.cpython-311.pyc and b/server/src/app/data/__pycache__/crud_knowledges.cpython-311.pyc differ
diff --git a/server/src/app/crud/__pycache__/crud_metrics.cpython-311.pyc b/server/src/app/data/__pycache__/crud_metrics.cpython-311.pyc
similarity index 100%
rename from server/src/app/crud/__pycache__/crud_metrics.cpython-311.pyc
rename to server/src/app/data/__pycache__/crud_metrics.cpython-311.pyc
diff --git a/server/src/app/crud/__pycache__/crud_questions.cpython-311.pyc b/server/src/app/data/__pycache__/crud_questions.cpython-311.pyc
similarity index 100%
rename from server/src/app/crud/__pycache__/crud_questions.cpython-311.pyc
rename to server/src/app/data/__pycache__/crud_questions.cpython-311.pyc
diff --git a/server/src/app/crud/__pycache__/crud_user.cpython-311.pyc b/server/src/app/data/__pycache__/crud_user.cpython-311.pyc
similarity index 100%
rename from server/src/app/crud/__pycache__/crud_user.cpython-311.pyc
rename to server/src/app/data/__pycache__/crud_user.cpython-311.pyc
diff --git a/server/src/app/data/__pycache__/knowledge.cpython-311.pyc b/server/src/app/data/__pycache__/knowledge.cpython-311.pyc
new file mode 100644
index 0000000..0376b55
Binary files /dev/null and b/server/src/app/data/__pycache__/knowledge.cpython-311.pyc differ
diff --git a/server/src/app/data/__pycache__/metric.cpython-311.pyc b/server/src/app/data/__pycache__/metric.cpython-311.pyc
new file mode 100644
index 0000000..10f169a
Binary files /dev/null and b/server/src/app/data/__pycache__/metric.cpython-311.pyc differ
diff --git a/server/src/app/data/__pycache__/question.cpython-311.pyc b/server/src/app/data/__pycache__/question.cpython-311.pyc new file mode 100644 index 0000000..4ca09b3 Binary files /dev/null and b/server/src/app/data/__pycache__/question.cpython-311.pyc differ diff --git a/server/src/app/data/__pycache__/user.cpython-311.pyc b/server/src/app/data/__pycache__/user.cpython-311.pyc new file mode 100644 index 0000000..d8f751b Binary files /dev/null and b/server/src/app/data/__pycache__/user.cpython-311.pyc differ diff --git a/server/src/app/crud/crud_knowledges.py b/server/src/app/data/knowledge.py similarity index 100% rename from server/src/app/crud/crud_knowledges.py rename to server/src/app/data/knowledge.py diff --git a/server/src/app/crud/crud_metrics.py b/server/src/app/data/metric.py similarity index 100% rename from server/src/app/crud/crud_metrics.py rename to server/src/app/data/metric.py diff --git a/server/src/app/crud/crud_questions.py b/server/src/app/data/question.py similarity index 67% rename from server/src/app/crud/crud_questions.py rename to server/src/app/data/question.py index 6b1b798..f3c568e 100644 --- a/server/src/app/crud/crud_questions.py +++ b/server/src/app/data/question.py @@ -22,18 +22,6 @@ def read_question(question_id: int): question = session.get(Question, question_id) return question -# #TODO adapt logic with args -# def update_question(question_id: int, content: str, uri: str): -# with Session(engine) as session: -# question = session.get(Question, question_id) -# question.content = content if content else question.content -# question.uri = uri if uri else question.uri - -# session.add(question) -# session.commit() -# session.refresh(question) - -#TODO : test def delete_question(question_id: int): with Session(engine) as session: question = session.get(Question, question_id) 
diff --git a/server/src/app/crud/crud_user.py b/server/src/app/data/user.py similarity index 100% rename from server/src/app/crud/crud_user.py rename to server/src/app/data/user.py diff --git a/server/src/app/faker_seed.py b/server/src/app/faker_seed.py index bd6ae02..12f653a 100644 --- a/server/src/app/faker_seed.py +++ b/server/src/app/faker_seed.py @@ -1,9 +1,9 @@ from src.app.models.knowledge import Knowledge -from src.app.crud.crud_knowledges import create_knowledge +from src.app.data.knowledge import create_knowledge from src.app.models.question import Question -from src.app.crud.crud_questions import create_question +from src.app.data.question import create_question from src.app.models.metric import Metric -from src.app.crud.crud_metrics import create_metric +from src.app.data.metric import create_metric def faker(): knowledge1 = Knowledge(content="La connaissance est une notion aux sens multiples, à la fois utilisée dans le langage courant et objet d'étude poussée de la part des sciences cognitives et des philosophes contemporains. ", uri="https://fr.wikipedia.org/wiki/Connaissance") diff --git a/server/src/app/services/__pycache__/auth.cpython-311.pyc b/server/src/app/services/__pycache__/auth.cpython-311.pyc index 63c9bee..81a240e 100644 Binary files a/server/src/app/services/__pycache__/auth.cpython-311.pyc and b/server/src/app/services/__pycache__/auth.cpython-311.pyc differ diff --git a/server/src/app/services/auth.py b/server/src/app/services/auth.py index 0466b79..7959fda 100644 --- a/server/src/app/services/auth.py +++ b/server/src/app/services/auth.py 
@@ -5,25 +5,29 @@ from datetime import timedelta, datetime, timezone from typing import Annotated from pydantic import BaseModel - -import jwt -from jwt.exceptions import InvalidTokenError from fastapi import Depends, HTTPException, status from fastapi.security import OAuth2PasswordBearer - +import jwt +from jwt.exceptions import InvalidTokenError from argon2 import PasswordHasher +from argon2.exceptions import ( + VerifyMismatchError, + VerificationError, + InvalidHashError, +) from src.app.models.user import User -from src.app.crud.crud_user import get_user - +from src.app.data.user import get_user load_dotenv() -secret_key = os.environ.get("SECRET") -algorithm = "HS256" -access_token_expire_minutes = 10080 + oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/token") password_hasher = PasswordHasher() +secret_key = os.environ.get("SECRET_SIGN") +algorithm = "HS256" +access_token_expire_minutes = 10080 + class Token(BaseModel): access_token: str token_type: str @@ -34,7 +38,8 @@ class TokenData(BaseModel): def authenticate_user(username: str, password: str): user: User = get_user(username) if not user: - verify_password(password, user.hashed_password) + # Add timing to prevent attack + password_hasher.hash(password) return False if not verify_password(password, user.hashed_password): return False @@ -43,10 +48,9 @@ def authenticate_user(username: str, password: str): def verify_password(plain_password: str, hashed_password: str) -> bool: isValidated: bool = False try: - isValidated = password_hasher.verify(hashed_password, plain_password) - except: - isValidated = False - return isValidated + return password_hasher.verify(hashed_password, plain_password) + except (VerifyMismatchError, VerificationError, InvalidHashError): + return False def create_access_token(data: dict): expire = datetime.now(timezone.utc) + timedelta(minutes=access_token_expire_minutes) 
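Review bot: `secret_key = os.environ.get("SECRET_SIGN")` in the `@@ -5,25 +5,29 @@` hunk of services/auth.py evaluates to `None` when the variable is unset, and the rename from `SECRET` means any environment that still exports the old name lands in exactly that case. Nothing visible in this hunk checks the value, so the problem would presumably only surface when the first token is signed or verified, not at startup. I would fail fast directly after the lookup, for example `if not secret_key: raise RuntimeError("SECRET_SIGN is not set")`, and mention the rename in the deployment notes. A short comment on `access_token_expire_minutes = 10080` such as `# 7 days` would also make the token lifetime obvious to the next reader.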
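Review bot: In `authenticate_user` (hunk `@@ -34,7 +38,8 @@`) the unknown-user branch now calls `password_hasher.hash(password)`, which is a different code path from the `verify` that runs for an existing user, so the two branches are only approximately equal in cost. Verifying against a fixed dummy hash keeps both branches on the same path: build `_DUMMY_HASH = password_hasher.hash("placeholder")` once at module level and call `verify_password(password, _DUMMY_HASH)` here before `return False`. The comment would be clearer as `# Do the same Argon2 work as for a real user so response time does not reveal whether the username exists`.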
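Review bot: The context line `isValidated: bool = False` at the top of `verify_password` (hunk `@@ -43,10 +48,9 @@`) is dead now that both paths return directly, so it can be deleted. In argon2-cffi `VerifyMismatchError` is a subclass of `VerificationError`, so the clause can be shortened to `except (VerificationError, InvalidHashError):`. `InvalidHashError` means the stored hash is malformed, not that the password was wrong, so I would log that case (without the password or the hash value) before returning `False`, so that a corrupted user record does not look like an ordinary failed login.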
@@ -65,7 +69,7 @@ async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]) -> Use headers={"WWW-Authenticate": "Bearer"}, ) try: - payload = jwt.decode(token, secret_key, algorithm) + payload = jwt.decode(token, secret_key, algorithms=[algorithm]) username = payload.get("sub") if username is None: raise credentials_exception
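Review bot: `jwt.decode(token, secret_key, algorithms=[algorithm])` in `get_current_user` validates `exp` only when the claim is present, so a correctly signed token that carries no expiry would be accepted indefinitely. `create_access_token` computes an expiry and presumably stores it in the payload, so requiring it on decode should not reject any token this service issues: `payload = jwt.decode(token, secret_key, algorithms=[algorithm], options={"require": ["exp", "sub"]})`. The rest of the `try` block and its `except` clause are outside this hunk; if it catches `InvalidTokenError` as the import suggests, the `MissingRequiredClaimError` raised for a missing claim is already covered because it is a subclass.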