Thank you kindly, StrawberryFride for a patch that:

Enable users to enable only selected methods out of the 
available set of remote methods to restrict remote 
functionality to less harmful methods, such as 
admin_broadcast, or admin_region_query.

OpenSim/ApplicationPlugins/RemoteController/RemoteAdminPlugin.cs

@@ -40,6 +40,7 @@ using OpenSim.Framework.Servers;
 using OpenSim.Region.Environment.Interfaces;
 using OpenSim.Region.Environment.Modules.World.Terrain;
 using OpenSim.Region.Environment.Scenes;
+using System.Collections.Generic;
 
 namespace OpenSim.ApplicationPlugins.RemoteController
 {
@@ -84,24 +85,44 @@ namespace OpenSim.ApplicationPlugins.RemoteController
                     requiredPassword = m_config.GetString("access_password", String.Empty);
 
                     m_app = openSim;
-                    m_httpd = openSim.HttpServer;
+                    m_httpd = openSim.HttpServer;                    
 
-                    m_httpd.AddXmlRPCHandler("admin_create_region", XmlRpcCreateRegionMethod, false);
+                    Dictionary<string, XmlRpcMethod> availableMethods = new Dictionary<string, XmlRpcMethod>();
-                    m_httpd.AddXmlRPCHandler("admin_delete_region", XmlRpcDeleteRegionMethod, false);
+                    availableMethods["admin_create_region"] = XmlRpcCreateRegionMethod;
-                    m_httpd.AddXmlRPCHandler("admin_shutdown", XmlRpcShutdownMethod, false);
+                    availableMethods["admin_delete_region"] = XmlRpcDeleteRegionMethod;
-                    m_httpd.AddXmlRPCHandler("admin_broadcast", XmlRpcAlertMethod, false);
+                    availableMethods["admin_shutdown"] = XmlRpcShutdownMethod;
-                    m_httpd.AddXmlRPCHandler("admin_restart", XmlRpcRestartMethod, false);
+                    availableMethods["admin_broadcast"] = XmlRpcAlertMethod;
-                    m_httpd.AddXmlRPCHandler("admin_load_heightmap", XmlRpcLoadHeightmapMethod, false);
+                    availableMethods["admin_restart"] = XmlRpcRestartMethod;
-                    m_httpd.AddXmlRPCHandler("admin_create_user", XmlRpcCreateUserMethod, false);
+                    availableMethods["admin_load_heightmap"] = XmlRpcLoadHeightmapMethod;
-                    //This handler creates a user with a email, 
+                    availableMethods["admin_create_user"] = XmlRpcCreateUserMethod;
-                    m_httpd.AddXmlRPCHandler("admin_create_user_email", XmlRpcCreateUserMethodEmail, false);
+                    availableMethods["admin_create_user_email"] = XmlRpcCreateUserMethodEmail;
-                    m_httpd.AddXmlRPCHandler("admin_exists_user", XmlRpcUserExistsMethod, false);
+                    availableMethods["admin_exists_user"] = XmlRpcUserExistsMethod;
-                    m_httpd.AddXmlRPCHandler("admin_update_user", XmlRpcUpdateUserAccountMethod, false);
+                    availableMethods["admin_update_user"] = XmlRpcUpdateUserAccountMethod;
-                    m_httpd.AddXmlRPCHandler("admin_load_xml", XmlRpcLoadXMLMethod, false);
+                    availableMethods["admin_load_xml"] = XmlRpcLoadXMLMethod;
-                    m_httpd.AddXmlRPCHandler("admin_save_xml", XmlRpcSaveXMLMethod, false);
+                    availableMethods["admin_save_xml"] = XmlRpcSaveXMLMethod;
-                    m_httpd.AddXmlRPCHandler("admin_load_oar", XmlRpcLoadOARMethod, false);
+                    availableMethods["admin_load_oar"] = XmlRpcLoadOARMethod;
-                    m_httpd.AddXmlRPCHandler("admin_save_oar", XmlRpcSaveOARMethod, false);
+                    availableMethods["admin_save_oar"] = XmlRpcSaveOARMethod;
-                    m_httpd.AddXmlRPCHandler("admin_region_query", XmlRpcRegionQueryMethod, false);
+                    availableMethods["admin_region_query"] = XmlRpcRegionQueryMethod;
+
+                    // Either enable full remote functionality or just selected features                    
+                    string enabledMethods = m_config.GetString("enabled_methods", "all");
+
+                    // The assumption here is that simply enabling Remote Admin as before will produce the same
+                    // behavior - enable all methods unless the whitelist is in place for backward-compatibility.
+                    if (enabledMethods.ToLower() == "all" || String.IsNullOrEmpty(enabledMethods))
+                    {
+                        foreach (string method in availableMethods.Keys)
+                        {
+                            m_httpd.AddXmlRPCHandler(method, availableMethods[method]);
+                        }
+                    }
+                    else
+                    {
+                        foreach (string enabledMethod in enabledMethods.Split('|'))
+                        {
+                            m_httpd.AddXmlRPCHandler(enabledMethod, availableMethods[enabledMethod]);
+                        }
+                    }
                 }
             }
             catch (NullReferenceException)
@@ -871,8 +892,8 @@ namespace OpenSim.ApplicationPlugins.RemoteController
                 m_log.ErrorFormat("[RADMIN] UserExists: failed: {0}", e.Message);
                 m_log.DebugFormat("[RADMIN] UserExists: failed: {0}", e.ToString());
 
-                responseData["success"]     = "false";
+                responseData["success"] = "false";
-                responseData["error"]       = e.Message;
+                responseData["error"] = e.Message;
 
                 response.Value = responseData;
             }
@@ -987,7 +1008,7 @@ namespace OpenSim.ApplicationPlugins.RemoteController
                     if (!m_app.CommunicationsManager.UserService.UpdateUserProfile(userProfile))
                         throw new Exception("did not manage to update user profile");
 
-                    responseData["success"]     = "true";
+                    responseData["success"] = "true";
 
                     response.Value = responseData;
 
@@ -999,8 +1020,8 @@ namespace OpenSim.ApplicationPlugins.RemoteController
                     m_log.ErrorFormat("[RADMIN] UpdateUserAccount: failed: {0}", e.Message);
                     m_log.DebugFormat("[RADMIN] UpdateUserAccount: failed: {0}", e.ToString());
 
-                    responseData["success"]     = "false";
+                    responseData["success"] = "false";
-                    responseData["error"]       = e.Message;
+                    responseData["error"] = e.Message;
 
                     response.Value = responseData;
                 }
@@ -1088,19 +1109,19 @@ namespace OpenSim.ApplicationPlugins.RemoteController
                     else 
                         throw new Exception("Archiver module not present for scene");
                     
-                    responseData["loaded"]   = "true";
+                    responseData["loaded"] = "true";
                     
-                    response.Value           = responseData;
+                    response.Value = responseData;
                 }
                 catch (Exception e)
                 {
                     m_log.InfoFormat("[RADMIN] LoadOAR: {0}", e.Message);
                     m_log.DebugFormat("[RADMIN] LoadOAR: {0}", e.ToString());
 
-                    responseData["loaded"]  = "false";
+                    responseData["loaded"] = "false";
-                    responseData["error"]   = e.Message;
+                    responseData["error"] = e.Message;
 
-                    response.Value          = responseData;
+                    response.Value = responseData;
                 }
 
                 return response;
@@ -1184,19 +1205,19 @@ namespace OpenSim.ApplicationPlugins.RemoteController
                 else 
                     throw new Exception("Archiver module not present for scene");                
 
-                responseData["saved"]   = "true";
+                responseData["saved"] = "true";
 
-                response.Value           = responseData;
+                response.Value = responseData;
             }
             catch (Exception e)
             {
                 m_log.InfoFormat("[RADMIN] SaveOAR: {0}", e.Message);
                 m_log.DebugFormat("[RADMIN] SaveOAR: {0}", e.ToString());
 
-                responseData["saved"]  = "false";
+                responseData["saved"] = "false";
-                responseData["error"]   = e.Message;
+                responseData["error"] = e.Message;
 
-                response.Value          = responseData;
+                response.Value = responseData;
             }
 
             return response;
@@ -1266,8 +1287,8 @@ namespace OpenSim.ApplicationPlugins.RemoteController
                             throw new Exception(String.Format("unknown Xml{0} format", xml_version));
                     }
 
-                    responseData["loaded"]   = "true";
+                    responseData["loaded"] = "true";
-                    response.Value           = responseData;
+                    response.Value = responseData;
                 }
                 catch (Exception e)
                 {
@@ -1276,9 +1297,9 @@ namespace OpenSim.ApplicationPlugins.RemoteController
 
                     responseData["loaded"]  = "false";
                     responseData["switched"] = "false";
-                    responseData["error"]   = e.Message;
+                    responseData["error"] = e.Message;
 
-                    response.Value          = responseData;
+                    response.Value = responseData;
                 }
 
                 return response;
@@ -1354,10 +1375,10 @@ namespace OpenSim.ApplicationPlugins.RemoteController
             }
             catch (Exception e)
             {
-                m_log.InfoFormat("[RADMIN] LoadXml: {0}", e.Message);
+                m_log.InfoFormat("[RADMIN] SaveXml: {0}", e.Message);
-                m_log.DebugFormat("[RADMIN] LoadXml: {0}", e.ToString());
+                m_log.DebugFormat("[RADMIN] SaveXml: {0}", e.ToString());
 
-                responseData["loaded"] = "false";
+                responseData["saved"] = "false";
                 responseData["switched"] = "false";
                 responseData["error"] = e.Message;