5.1 Security Considerations for Implementers

This protocol allows a client to request that the server activate a local object by name. This could potentially result in the client being able to run arbitrary code on the server.

Implementers can safeguard against this threat by restricting the set of Remoting Types a client can request to those that are known to be safe—for example, by maintaining a list of allowable Remoting Types for the application to configure.