Can a secret be hidden in a 'safe' java class offering access credentials?

北荒 2020-12-03 09:04

This is a brainstorming question about what's possible in Java (or not). I want to know if it is possible to hide a secret within a class and prevent anyone from accessing

12 Answers
  •  独厮守ぢ
    2020-12-03 09:28

    This "security" is laughable.

    Where does it run? On my desktop? I connect to the JVM with debugger and view all the secrets in clear text.

    Or I place my code next to it and use reflection to dump the content.

    Or I inject my own code modification via BCEL, and modify the constructor of Safe to dump the "secret" value to a file.

    Or I simply replace the whole package with mine with the same name by placing it into bootstrap classloader.

    Or I can even modify and compile Java sources to get a modified JVM.

    Or... my, one can list dozens of ways to extract a value from a runtime instance!

    The real question in any security design is: who is an attacker? What is the threat model? Without answering this the topic is pointless.
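
The reflection point from the answer above, as an added example (not part of the original question or answer): a check that lists which declared fields of an object can be opened by other code in the same JVM. `Safe` here is a hypothetical stand-in, since the question's class is not shown on this page, and the secret value is constructed.

```java
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical stand-in for the question's Safe class (its source is not on this page).
final class Safe {
    private final char[] secret;

    Safe(char[] secret) {
        this.secret = secret.clone();
    }

    boolean matches(char[] guess) {
        return Arrays.equals(secret, guess);
    }
}

public class PrivateIsNotABoundary {

    /** Returns the names of the declared fields that this caller can open via reflection. */
    static List<String> readableFields(Object target) {
        List<String> exposed = new ArrayList<>();
        for (Field f : target.getClass().getDeclaredFields()) {
            try {
                f.setAccessible(true); // succeeds unless a module boundary or policy forbids it
                f.get(target);         // the value is now available to the caller
                exposed.add(f.getName());
            } catch (RuntimeException | IllegalAccessException e) {
                // InaccessibleObjectException or SecurityException: access was actually enforced
            }
        }
        return exposed;
    }

    public static void main(String[] args) {
        Safe safe = new Safe("constructed-sample".toCharArray()); // constructed value
        System.out.println("fields readable by co-resident code: " + readableFields(safe));
    }
}
```

Run from the classpath, where both classes share the unnamed module, the list includes `secret`: `private` is an encapsulation aid, not a barrier against code running in the same JVM.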
