improve documentation

author: Alex Xu (Hello71) <alex_y_xu@yahoo.ca> 2020-11-11 21:32:01 -0500
committer: Alex Xu (Hello71) <alex_y_xu@yahoo.ca> 2020-11-11 21:32:01 -0500
commit: 84d24fa1eff86eae6643875f91907df488ce6078 (patch)
tree: e64efd889109864841b4d92e361c7273f6cb980f /README
parent: 07a96014142ee9526e420e3cc4695925498ccb25 (diff)
download: cgit-syntax-highlighting-84d24fa1eff86eae6643875f91907df488ce6078.tar.xz
cgit-syntax-highlighting-84d24fa1eff86eae6643875f91907df488ce6078.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/README b/README
index 948161c..dc3c53d 100644
--- a/README
+++ b/README
@@ -5,7 +5,7 @@ compared to invoking python on every request.
 
 Requirements:
 
-- Python 3.5.3 (for aiohttp and asyncio.get_running_loop)
+- Python 3.5.3+ (for aiohttp and asyncio.get_running_loop)
 - aiohttp
 - pygments
 
@@ -16,3 +16,12 @@ Usage:
    boot. This can be done by `systemctl enable syntax-highlighting` on systemd
    machines.
 3. Set your cgit source filter to syntax-highlighting-client.sh.
+
+Security:
+
+aiohttp is not designed with security in mind. Slow clients can easily cause
+excessive memory usage by sending very large highlighting requests, or by
+opening a large number of connections and abandoning them. Therefore,
+cgit-syntax-highlighting SHOULD NOT be exposed to the public Internet.
+Suggestions are accepted for more lightweight asynchronous Python HTTP server
+libraries.
author	Alex Xu (Hello71) <alex_y_xu@yahoo.ca>	2020-11-11 21:32:01 -0500
committer	Alex Xu (Hello71) <alex_y_xu@yahoo.ca>	2020-11-11 21:32:01 -0500
commit	84d24fa1eff86eae6643875f91907df488ce6078 (patch)
tree	e64efd889109864841b4d92e361c7273f6cb980f /README
parent	07a96014142ee9526e420e3cc4695925498ccb25 (diff)
download	cgit-syntax-highlighting-84d24fa1eff86eae6643875f91907df488ce6078.tar.xz cgit-syntax-highlighting-84d24fa1eff86eae6643875f91907df488ce6078.zip