5.1 Security Considerations for Implementers
This protocol allows a client to request that the server activate a local object by name. This could potentially result in the client being able to run arbitrary code on the server.
Implementers can safeguard against this threat by restricting the set of Remoting Types a client can request to those that are known to be safeāfor example, by maintaining a list of allowable Remoting Types for the application to configure.