Is communication between clients and servers in java rmi secure (i.e. e开发者_Python百科ncrypted by default)?
Encoded, yes. Encrypted, no.
JERI for JINI gives JRMP (the RMI protocol) over SSL, IIRC.
JSR #76 would have provided RMI Security, however it was controversially voted down.
I think you mean "encrypted" not "encoded". The answer is no. If you're using RMI in a non-trusted environment I would suggest something like RMI over SSH tunneling.
By secure I guess you mean encrypted. Not by default with RMI. You can use custom socket factories to encrypt RMI comms.
In short, no.
http://java.sun.com/j2se/1.4.2/docs/guide/rmi/faq.html#encryption
In essence, the network channel has to be encrypted if you need things to be secure.
Not mentioned this far: You can set up a VPN between the machines for full layer 2 security.
精彩评论