Learning Java I was sometimes taught to use the private access modifier so as not to expose “sensitive information” to other classes, as if this could open a legitimate security hole. But I’ve never encountered a situation in which restricting member visibility was more than a convenience for modelling a program in an object-oriented fashion.
Are private fields and functions in Java classes actually more “secure” than otherwise?
EDIT — Compilation of best answers.
Why private does not mean “secure”:
- decompilers allow static look at bytecode
- reflection library allows runtime access to private members
What private is good for:
- maintainability of code due to forcing method-level access
- modularity of code by hiding implementation details
I’ve never heard of it — in any serious sense — as a security issue. I mean, decompilers work. You can use them to figure out what’s going on inside the bytecode.
Having
privatemembers is a maintainability issue. If I only give you method-level access to my internals, then my only responsibility is to ensure that my API methods continue to work. I’m not locked into using aDoubleversus aBigDecimalon the insides, so long as my methods continue to returnDoubles (for instance).