authorAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2020-11-11 21:32:01 -0500
committerAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2020-11-11 21:32:01 -0500
commit84d24fa1eff86eae6643875f91907df488ce6078 (patch)
treee64efd889109864841b4d92e361c7273f6cb980f
parent07a96014142ee9526e420e3cc4695925498ccb25 (diff)
improve documentation
-rw-r--r--README11
-rwxr-xr-xsyntax-highlighting-server.py11
2 files changed, 10 insertions, 12 deletions
diff --git a/README b/README
index 948161c..dc3c53d 100644
--- a/README
+++ b/README
@@ -5,7 +5,7 @@ compared to invoking python on every request.
Requirements:
-- Python 3.5.3 (for aiohttp and asyncio.get_running_loop)
+- Python 3.5.3+ (for aiohttp and asyncio.get_running_loop)
- aiohttp
- pygments
@@ -16,3 +16,12 @@ Usage:
boot. This can be done by `systemctl enable syntax-highlighting` on systemd
machines.
3. Set your cgit source filter to syntax-highlighting-client.sh.
+
+Security:
+
+aiohttp is not designed with security in mind. Slow clients can easily cause
+excessive memory usage by sending very large highlighting requests, or by
+opening a large number of connections and abandoning them. Therefore,
+cgit-syntax-highlighting SHOULD NOT be exposed to the public Internet.
+Suggestions are accepted for more lightweight asynchronous Python HTTP server
+libraries.
diff --git a/syntax-highlighting-server.py b/syntax-highlighting-server.py
index a1e30d6..481c4c0 100755
--- a/syntax-highlighting-server.py
+++ b/syntax-highlighting-server.py
@@ -1,16 +1,5 @@
#!/usr/bin/env python3
-# syntax-highlighting-server.py: create a simple HTTP server to highlight
-# source for cgit. improves performance compared to invoking python on every
-# request.
-#
-# Requirements: Python 3, pygments.
-#
-# Usage: Configure your system to run this at boot. Note that this program is
-# not hardened, and it can be trivially DoSed. therefore, do not configure it
-# to listen on a public network. Once configured, set your cgit source filter
-# to syntax-highlighting-client.sh.
-
import pygments
from pygments import highlight
from pygments.formatters import HtmlFormatter