diff --git a/README.md b/README.md
index eaff388..9adf526 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,14 @@ Call your site with GET parameters to change the WhiteboardID or the Username
* whiteboardid => All people with the same ID are drawing on the same board
* username => The name witch is showing to others while drawing
+## Security - AccessToken (Optional)
+To prevent clients who might know or guess the base URL to use the Server for file uploads and stuff..., you can set an accesstoken at server start.
+
+Without docker: `node server.js --accesstoken="mySecToken"`
+
+With docker: `docker run -d -e accesstoken="mySecToken" -p 8080:8080 rofl256/whiteboard`
+
+Client (With and without docker): `http://YOURIP:8080?accesstoken=mySecToken&whiteboardid=MYID&username=MYNAME`
## Things you may want to know
* Whiteboards are gone if you restart the Server, so keep that in mind (or save your whiteboard)
@@ -70,4 +78,7 @@ Note: You might have to serve the app with https (If your nextcloud server runs
Upload both icons present at /doc/nextcloud_icons/ to your nextcloud at the "external sites" admin section. Then set it as symbol on your link.
-___ MIT License ___
+
+
+
+___ MIT License ___
\ No newline at end of file
diff --git a/package.json b/package.json
index ea670dc..49fdc5d 100644
--- a/package.json
+++ b/package.json
@@ -6,7 +6,7 @@
"directories": {},
"scripts": {
"test": "echo \"No tests needed!\" && exit 1",
- "server": "node server.js"
+ "start": "node server.js"
},
"repository": {
"type": "git",
diff --git a/server.js b/server.js
index c10b3a8..fb8765b 100644
--- a/server.js
+++ b/server.js
@@ -13,6 +13,10 @@ server.listen(PORT);
var io = require('socket.io')(server);
console.log("Webserver & socketserver running on port:"+PORT);
+if(process.env.accesstoken) {
+ accessToken = process.env.accesstoken;
+}
+
var startArgs = getArgs ();
if(startArgs["accesstoken"]) {
accessToken = startArgs["accesstoken"];