From ad0933e549622cf7f9f9fb80781ed9e924d4e686 Mon Sep 17 00:00:00 2001 From: Hiroshi SHIBATA Date: Fri, 4 Jul 2025 13:46:25 +0900 Subject: [PATCH] Import secure programming guide for DRb from ruby/ruby --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 71faaff..f6858d0 100644 --- a/README.md +++ b/README.md @@ -83,6 +83,15 @@ timeserver = DRbObject.new_with_uri(SERVER_URI) puts timeserver.get_current_time ``` +#### Security + +As DRb allows remote clients to invoke arbitrary methods, it is not suitable to +expose to untrusted clients. + +When using DRb, try to avoid exposing it over the network if possible. If this +isn't possible and you need to expose DRb to the world, you *must* configure an +appropriate security policy with +DRb::ACL+. + ## Development After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. @@ -92,4 +101,3 @@ To install this gem onto your local machine, run `bundle exec rake install`. To ## Contributing Bug reports and pull requests are welcome on GitHub at https://github.com/ruby/drb. -
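Review bot: The last added line of the Security section in README.md uses RDoc markup, `+DRb::ACL+`, which Markdown renders with literal plus signs; since this text was imported into a Markdown file, write it as `DRb::ACL` in backticks to match the rest of the README. The paragraph also says a security policy "*must*" be configured but does not show or link to how, so a reader exposing DRb has nothing to act on. Consider adding a short pointer to the `DRb::ACL` documentation or a minimal allow/deny example next to that sentence, and stating what an ACL does and does not cover, given that the first paragraph says remote clients can invoke arbitrary methods.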