I write a simple RMI application. I found out that the Client after getting the RMI-Registry can execute successful the Registry.unbind() method. This is in my opinion a security risk. Why it is allowed to the Client to unbind the Name in the remote Registry? A evil person can do this with a modification of the Code and all my other Clients cann't connect to my Server because the binding was removed.
Is there a possibility to deny this, maybe in the Java policy?
This can only happen if the client is running in the same host as the Registry. If you are having security problems wth your own clients, you have a much bigger problem than anything RMI can solve for you.