diff --git a/app.py b/app.py
index abb6205..a0eb398 100644
--- a/app.py
+++ b/app.py
@@ -13,7 +13,11 @@
 
 app.config['DEBUG'] = True
 
-app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get('DATABASE_URL', 'sqlite:///data.db')
+uri = os.environ.get('DATABASE_URL', 'sqlite:///data.db')
+if uri.startswith("postgres://"):
+    uri = uri.replace("postgres://", "postgresql://", 1)
+
+app.config['SQLALCHEMY_DATABASE_URI'] = uri
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 app.secret_key = 'jose'
 api = Api(app)
diff --git a/runtime.txt b/runtime.txt
index aefcfbe..5402961 100644
--- a/runtime.txt
+++ b/runtime.txt
@@ -1 +1 @@
-python-3.7.5
+python-3.9.12
diff --git a/security.py b/security.py
index 6d1eb72..70b42ac 100644
--- a/security.py
+++ b/security.py
@@ -1,9 +1,9 @@
-from werkzeug.security import safe_str_cmp
+from hmac import compare_digest
 from models.user import UserModel
 
 def authenticate(username, password):
     user = UserModel.find_by_username(username)
-    if user and safe_str_cmp(user.password, password):
+    if user and compare_digest(user.password, password):
         return user
 
 def identity(payload):