* include some tmp file cleaner scripts or atleast leave recommendations
* by spoofing the request, it might be currently possible to upload files
to a parent dictionary; this should be tested and fixed, but should be fine
as long as the person running the service doesnt run it as root