{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 劳资没心,怎么记你 的问题《Are private members really more “secure” in Java?》','https://www.manongdao.com/q-552789.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Learning Java I was sometimes taught to use the private access modifier so as not to expose "sensitive information" to other classes, as if this could open a legitimate security hole. But I've never encountered a situation in which restricting member visibility was more than a convenience for modelling a program in an object-oriented fashion.
Are private fields and functions in Java classes actually more "secure" than otherwise?
EDIT -- Compilation of best answers.
Why private does not mean "secure":
- decompilers allow static look at bytecode
- reflection library allows runtime access to private members
What private is good for:
- maintainability of code due to forcing method-level access
- modularity of code by hiding implementation details
I agree in general with the answers so far (i.e. that
privateis really for code hygiene not real security). Various answers have pointed out that you can bypassprivateusing reflection. Note that you can, in turn, disable reflection if you enable a Java SecurityManager. See particularly the ReflectPermission. However, security managers are rarely used (outside the normal browser sandboxing).No, they are not more "secure" in that sense, though some (very poor) books on Java try to explain
privatein that way. If an attacker had the ability to cause arbitrary Java code to be run in your process, all "security" is already gone. And as another answer already mentioned, reflection can bypass theprivateaccess modifier.