I've been learning RMI in a class at school. I wrote an app that works on my lan using two computers (server on Ubuntu, client on Windows XP). My DSL connection has a static IP address, and my teacher would like to show the class how this assignment (midterm) works using a remote server.
I'm wondering if having the open port for the day would be any type of security concern, not that I have anything other than a lot of configuration invested in the server. It doesn't seem like it would be much of a security concern, but I'm not very sophisticated in those matters.
Also, while I'm here, I thought I'd mention a sort of bug I came across trying to gain access to this server. It's the latest version of Ubuntu (8.10, Intrepid), and I kept getting an exception on the client: "Connection refused"; but it had an IP address of 127.0.0.1 instead of the actual address it was connecting to. I found out the error was caused by the default hosts file, which had the first two lines as:
After changing the 2nd line to the lan IP address of MyMachineName, it worked fine. Maybe this will help someone else sometimes, and save a few hours of hair pulling that it cost me.
Opening a port on any machine is vulnerable to hacker attacks. This is the reason why people use SSL with RMI so that its not available freely to anyone who can sniff that you have opened a port on a publicly available machine.
About the point you have mentioned, it is basically because of the fact that all RMI Stubs have a hostname and port for the server machine using which they make a connection to the server. By default the hostname is the local loopback (or the IP specified for localhost) of the server machine. Either you can change your /etc/hosts file or simply specify a jvm property java.rmi.server.hostname or use a custom client socket factory while creating the RMI stub.