- Prevent directory traversal attacks
- Set up tokens or something so clients can't trivially
impersonate servers
- Offer list of clients at server root
- Fix possible timing gap when refreshing http_listen (Just have client wait a few seconds?)
- Parameter for server URL
- Parameter for static file serve path
- Error handling