Can you hack system.out.println() on a jar file?

I have an executable jar file. The java code contains a lot of System.out.println statements. Sometimes, these print statements contain passwords and stuff like that.

I have compiled into an executable jar. There is no console shown. I am considering removing all the System.out.println statements for security purposes, but since there is no console maybe it is not necessary?

My question is can System.out.println() be hacked. In other words, can someone who uses the jar file obtain what is printed out by System.out.println

Jon Skeet
people
quotationmark

Absolutely - they can start your app from the command line rather than by double-clicking on the jar file, and any console output will be shown.

Alternatively, they could write their own wrapper class which redirected System.out to a file.

But fundamentally, if you have any security-sensitive information in your jar file, it will be fairly easy to extract it. It's not clear whether the password in question is something that the user has typed in, or whether it's a password embedded in the jar file - but writing it to the console at least sounds like a bad idea either way.

people

See more on this question at Stackoverflow