We've got several Java desktop applications running in our intranet. They contain sensitive information in the form of Strings and other data inside the code, which can be easily extracted using jmap/jhat or by monitoring the application using tools like VisualVM/jconsole.
I wonder if there's some way the JVM could be started to prevent tools from making heap dumps or attaching to it. I would also need to check from the application's code if that capability is indeed disabled, to abort just in case somebody edited the JVM parameters.
Any idea/hint about this? Thanks in advance.
It sounds like a very bad idea to place any data in the client application you don't want the client to see.
You can create a server-side process which has all the "secret" information and which acts on the client's behalf, and there is no way for the client to access it (without gaining direct access to the server).
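The startup check the question asks about, as an added example that is not part of the original question or answer. It assumes a HotSpot JVM that is expected to be launched with `-XX:+DisableAttachMechanism`; the class name `AttachGuard` and the list of rejected arguments are illustrative choices.

```java
import com.sun.management.HotSpotDiagnosticMXBean;
import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.List;

/** Added example: refuse to run if the JVM was launched with tooling access enabled. */
public final class AttachGuard {

    /** Returns the list of findings; empty means the launch configuration passed. */
    static List<String> findings() {
        List<String> problems = new ArrayList<>();
        HotSpotDiagnosticMXBean hotspot =
                ManagementFactory.getPlatformMXBean(HotSpotDiagnosticMXBean.class);

        // Expect -XX:+DisableAttachMechanism, which stops jmap, jstack, jcmd
        // and local VisualVM/jconsole from attaching to this process.
        if (!flagIsTrue(hotspot, "DisableAttachMechanism")) {
            problems.add("attach mechanism is enabled");
        }
        // A heap dump written on OutOfMemoryError would put the same Strings on disk.
        if (flagIsTrue(hotspot, "HeapDumpOnOutOfMemoryError")) {
            problems.add("HeapDumpOnOutOfMemoryError is set");
        }
        // Debug agents and remote JMX are separate ways into the heap.
        for (String arg : ManagementFactory.getRuntimeMXBean().getInputArguments()) {
            if (arg.startsWith("-agentlib:jdwp") || arg.startsWith("-Xrunjdwp")
                    || arg.startsWith("-Dcom.sun.management.jmxremote")) {
                problems.add("disallowed JVM argument: " + arg);
            }
        }
        return problems;
    }

    private static boolean flagIsTrue(HotSpotDiagnosticMXBean hotspot, String name) {
        try {
            return Boolean.parseBoolean(hotspot.getVMOption(name).getValue());
        } catch (IllegalArgumentException unknownFlag) {
            return false; // flag not known to this JVM: treat as not set
        }
    }

    public static void main(String[] args) {
        List<String> problems = findings();
        if (!problems.isEmpty()) {
            problems.forEach(p -> System.err.println("Refusing to start: " + p));
            System.exit(1);
        }
        System.out.println("JVM launch configuration accepted");
    }
}
```

The check only inspects how the JVM was launched. A user who controls the client machine can still remove the check or read the process memory with operating-system tools, which is why the answer's server-side design is the stronger control.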