...
- The sensitive information can become accessible to whoever has access to the source code, for example, the developers.
Wiki Markup Once the system goes into production, it can become unwieldy to manage and accommodate changes to the code. For instance, a change in password will have to be communicated using a patch \[[Chess 07|AA. Java References#Chess 07]\].
- In certain cases, it can also violate the fundamental principle of recalling the memory used to store the sensitive information as soon as the required operation has concluded. A carefully administered heap dump or application monitoring through a JVM debugger can expose the sensitive information if it persists over an extended period of time.
- Malicious users may use decompilation techniques to resurrect the hardcoded sensitive information. This is a critical security vulnerability.
...