When building a Java Applet, are there any steps that can be taken to prevent a user invoking internal methods?

Theoretically most objects can be analysed and methods can be invoked on a client machine.

In addition to obfuscation, are there any other steps that can help prevent this?

My situation is to secure a game where the top score is sent directly from the client.

+3  A: 

If your game is too difficult to be automated and played by a bot in a much more fruitful manner than any human could do, then it would be a good idea to request the game's state from the server at certain random intervals. You could implement a CAPTCHA-like mechanism that would blend into the game's story and bring the level of Challenge-Response authentication to a small Turing-like test, where the player would have to "prove" from time to time that he is human by solving a specific puzzle. All this time, you verify the evolution of the score, and reject any values that would not fit a precomputed formula of maximal score per level or per unit of time, given the current system's state. I am not a security expert, but I imagine that all this would give a potential attacker quite a hard time.

luvieere
Thanks and plus one for a thoughtful answer.
Pool
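
The server-side score check described in the answer above, as an added example that is not part of the original thread: the server tracks each session's score progression using its own clock and rejects any report whose gain exceeds a per-level cap. The class and method names, the per-level rates and the session id are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

/** Server-side plausibility check for client-reported scores (illustrative sketch). */
public class ScoreValidator {
    // Assumed game rule: maximum points obtainable per second on each level (constructed values).
    private static final Map<Integer, Long> MAX_POINTS_PER_SEC = Map.of(1, 50L, 2, 120L, 3, 300L);

    private static final class Session {
        long lastScore;       // last score the server accepted
        long lastSeenMillis;  // server time of that report
        boolean rejected;     // once implausible, the session stays untrusted
        Session(long now) { lastSeenMillis = now; }
    }

    private final Map<String, Session> sessions = new HashMap<>();

    /** Called when the server starts a game; time comes from the server clock, never the client. */
    public void start(String sessionId, long nowMillis) {
        sessions.put(sessionId, new Session(nowMillis));
    }

    /** Validates one state report; returns false and marks the session rejected if it is implausible. */
    public boolean report(String sessionId, int level, long score, long nowMillis) {
        Session s = sessions.get(sessionId);
        Long rate = MAX_POINTS_PER_SEC.get(level);
        if (s == null || s.rejected || rate == null) return false;

        // Whole seconds since the last accepted report, plus one second of slack for latency.
        long elapsedSec = Math.max(0, (nowMillis - s.lastSeenMillis) / 1000) + 1;
        long gain = score - s.lastScore;
        if (gain < 0 || gain > rate * elapsedSec) {
            s.rejected = true;
            return false;
        }
        s.lastScore = score;
        s.lastSeenMillis = nowMillis;
        return true;
    }

    public static void main(String[] args) {
        ScoreValidator v = new ScoreValidator();
        v.start("constructed-session-1", 0);
        System.out.println(v.report("constructed-session-1", 1, 400, 10_000));    // 400 points after 10 s on level 1
        System.out.println(v.report("constructed-session-1", 1, 90_000, 12_000)); // 89,600 more points 2 s later
        System.out.println(v.report("constructed-session-1", 1, 450, 20_000));    // later report on the same session
    }
}
```

Only a top score from a session that was never rejected would be accepted; the caps bound how far a tampered client can inflate a score, they do not prove the game was actually played.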