diff --git a/server.rb b/server.rb
index 3bbbce5..1c2b985 100644
--- a/server.rb
+++ b/server.rb
@@ -2,6 +2,7 @@ require 'logger'
 require 'sequel'
 require 'sqlite3'
 require 'sinatra/base'
+require 'rack/protection'
 
 # Load the Sequel timestamps plugin
 Sequel::Model.plugin :timestamps
@@ -16,11 +17,17 @@ class StageManager < Sinatra::Base
   def self.new(*) self < StageManager ? super : Rack::URLMap.new(@@my_app) end
   def self.map(url) @@my_app[url] = self end
 
+  # Enable and configure sessions
   enable :sessions
 
+  # Enable rack protection middleware
+  use Rack::Protection
+
+  # Set up static file serving
   enable :static
   set :public_folder, __dir__ + '/public'
 
+  # Set up our view engine
   set :views, settings.root + '/views'
 
   # Initialize logging