From e1b375628a8e8bedb463f44a88d4eed28cf4e53f Mon Sep 17 00:00:00 2001 From: John Campbell Date: Wed, 22 Feb 2017 13:06:15 -0500 Subject: [PATCH] Adding a word of warning about allowing uploads on the public web --- README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 26028ec..a4c6d8e 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,18 @@ Just copy `index.php` to a folder on your webserver. - Suits my aesthetics. More like Dropbox, and less like Windows Explorer - Works with Unicode file names - The interface is usable from an iPad -- XSRF protection (though no authentication system) +- XSRF protection, and an optional password. + +## Do not allow uploads on the public web + +If you allow uploads on the public web, it is only a matter of time before your server is hosting and serving very illegal content. Any of the following options will prevent this: + - Don't make the folder writable by the webserver `chmod 775` + - Set `$allow_upload = false` + - Use a password `$PASSWORD = 'some password'` + - Use a `.htaccess` file with Apache, or `auth_basic` for nginx + - Only use this on a private network + + HT: [@beardog108](https://github.com/beardog108) ## Screenshot
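Review bot: The first bullet of the new "Do not allow uploads on the public web" section pairs "Don't make the folder writable by the webserver" with `chmod 775`, but mode 775 still grants write access to the folder's owner and group, so whether the web server can write depends on ownership, which the README does not state. Suggest spelling out the assumption (the folder is owned by a user and group that the web server process does not run as or belong to), or giving a mode without the group write bit such as `chmod 755` together with that ownership note. Separately, since the section says any one option is sufficient, the `$PASSWORD = 'some password'` bullet would benefit from saying the placeholder must be replaced with a strong value, so that it is not copied as written.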