From b0de5e760e770e055e2eaeacbbe1a8b3afb5b123 Mon Sep 17 00:00:00 2001
From: Russell King <rmk@armlinux.org.uk>
Date: Sun, 26 Sep 2021 13:23:24 +0100
Subject: Update README with security and bugs sections

Update the readme file to add a section on security (or lack of!) and
known bugs.

Signed-off-by: Russell King <rmk@armlinux.org.uk>
---
 README | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/README b/README
index 57d9ac6..6da0cfe 100644
--- a/README
+++ b/README
@@ -19,3 +19,16 @@ internet          proxy         httpd server      application
 The reverse proxy is responsible for controlling public access to the
 event streams served by the mini-httpd event server; the event server
 itself should not be publically accessible.
+
+Security
+--------
+Virtually none inherent to the server; if you can connect to the server
+you can read and write the vent stream. However, the server does detect
+a connection forwarded through Apache (via the X-Forwarded* headers)
+and denies the UPDATE command.
+
+Bugs
+----
+Does not treat request header fields case-insensitively
+Does not honour the Expect: 100-continue header
+Probably many more.
-- 
cgit