My Java desktop application includes a component for communicating with a web service.
We therefore need to include the access details for it within the application, but do not want it to be easily accessible in the event that the code is decompiled (we will be obfuscating).
What techniques can we use to secure these details?
Do not bother encrypting the password in your application. Whatever you do, a determined user will be able to decrypt it and get access to it. My recommendation is to have a username and password for every user. The application will ask the user to enter the credentials and store them (using MD5 for example). If you can't modify the web service to authenticate many users, create a proxy service that can do that. The proxy service, deployed on a secure environment, will be allowed to have access to the username and password of the secured service.