Not directly. But watch out for some newer servers that support "servlets". Servlets are fine if they are all written by the people running the server site; using servlets in this way is probably better than using CGI scripts. Going beyond this to let clients upload Java servlets into your server is very risky.
Of course, you should be careful about which Java applets appear on your server. Unless you wrote the applet yourself, you don't necessarily know what it's doing. If you copy somebody else's applet, it could possibly be a trojan horse - doing something useful as well as being malicious.
Code security is the approach of using permissions and permission sets for a given code to run. The admin, for example, can disable running executables off the Internet or restrict access to corporate database to only few applications. Role-based security most of the time involves the code running with the privileges of the current user. This way the code cannot supposedly do more harm than mess up a single user account. There’s no better, or 100% thumbs-up approach, depending on the nature of deployment, both code-based and role-based security could be implemented to an extent.
You can request permission to do something and you can demand certain permissions from other apps. You can also refuse permissions so that your app is not inadvertently used to destroy some data.
using System.Security.Permissions; [assembly:FileDialogPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]