- Fix possible timing gap when refreshing http_listen
- Set up tokens or privkeys or tripcodes or something so
clients can't trivially impersonate servers
- Prevent directory traversal attacks
- Error handling
- Reverse proxy to other local servers