- Set up tokens or privkeys or tripcodes or something so 
clients can't trivially impersonate servers

- Prevent directory traversal attacks
- Error handling

- Reverse proxy to other local servers