summaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
authorAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2020-11-11 21:32:01 -0500
committerAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2020-11-11 21:32:01 -0500
commit84d24fa1eff86eae6643875f91907df488ce6078 (patch)
treee64efd889109864841b4d92e361c7273f6cb980f /README
parent07a96014142ee9526e420e3cc4695925498ccb25 (diff)
downloadcgit-syntax-highlighting-84d24fa1eff86eae6643875f91907df488ce6078.tar.xz
cgit-syntax-highlighting-84d24fa1eff86eae6643875f91907df488ce6078.zip
improve documentation
Diffstat (limited to 'README')
-rw-r--r--README11
1 files changed, 10 insertions, 1 deletions
diff --git a/README b/README
index 948161c..dc3c53d 100644
--- a/README
+++ b/README
@@ -5,7 +5,7 @@ compared to invoking python on every request.
Requirements:
-- Python 3.5.3 (for aiohttp and asyncio.get_running_loop)
+- Python 3.5.3+ (for aiohttp and asyncio.get_running_loop)
- aiohttp
- pygments
@@ -16,3 +16,12 @@ Usage:
boot. This can be done by `systemctl enable syntax-highlighting` on systemd
machines.
3. Set your cgit source filter to syntax-highlighting-client.sh.
+
+Security:
+
+aiohttp is not designed with security in mind. Slow clients can easily cause
+excessive memory usage by sending very large highlighting requests, or by
+opening a large number of connections and abandoning them. Therefore,
+cgit-syntax-highlighting SHOULD NOT be exposed to the public Internet.
+Suggestions are accepted for more lightweight asynchronous Python HTTP server
+libraries.