Think along the lines of a POP3 daemon here. The client (CGI script)
connects to localhost:136 and sends a series of single-line commands.

webfiltd starts with root privileges from inetd. This daemon is
relatively simple; the first command received either logs in a
user (switches privileges) or terminates the daemon instance.
	
LOGIN username password int
	Log in with the given username and password, entering
	one of the user's directories given in ~/.webfiltrc
	int == 0	Enters user's dir.good
	int != 0	Enters user's dir.spam
	Responds with +secret on success (with the session secret)
		Now running as username, in given directory
	Responds with -reason on failure and disconnects
		
RELOGIN username secret int
	Log in the given username, continuing the active session
	with given secret. Interpretation of int as with LOGIN.
	Responds with +OK on success
	Responds with -reason on failure and disconnects
	
LIST
	List files inside the directory, one per line.
	The list is terminated with +OK on its own line.
		
LISTEXEC
	List the allowed commands for EXEC, defined in ~/.webfiltrc
	The list is terminated with +OK on its own line.

EXEC command filename
	Execute the given command (found in the LISTEXEC output)
	using filename as the parameter.
	The command output is terminated with +OK on its own line.
	Responds with -reason on failure
	
HEAD filename
	Shows just the headers from filename (up to 1st blank line)
	The file contents are terminated with +OK on its own line
	Responds with -reason on failure
		
GET filename
	Displays the contents of filename.
	The file contents are terminated with +OK on its own line
	Responds with -reason on failure
	
SWAP filename
	Moves the filename from this directory to the other
	(i.e. swaps its spam/good storage path)

QUIT
	Terminates connection
