The new RMI security mechanisms allow access control checks to be performed prior to parameter unmarshalling, which is good for avoiding certain kinds of denial of service attacks. However, the read-only bootstrap registry created for secure registries, and the bootstrap activator created for a security rmid, are open to a denial of service attack through code downloading. Since no code should ever need to be downloaded through a bootstrap registry or activator, it would be desirable to disable code downloading for them.