Hi Folks, Is base64 encoded data good? Bad? A security risk? A simple mechanism for data privacy? It is probably all of those. Below I have attempted to objectively state the facts. Am I missing any facts? /Roger
1. Base64-encoded data is plain text, consisting of these 64 ASCII characters: a-z, A-Z, 0-9, +, / and the equals symbol ( = ). 2. Any type of file, from plain text to binary executable, can be base64-encoded. 3. There is nothing in base64-encoded data which tells the media type of the data. External information must be provided to tell the media type. Without external information, the media type must be discovered (if possible). 4. Decoding base64 text is a trivial task. 5. Data that is base64-encoded cannot be directly viewed, used, or inspected. 6. Compared to data that is not encoded, viewing/using/inspecting base64-encoded data requires an additional step: decode and then view/use/inspect. 7. Without external information about the media type of the data that is base64-encoded, there are two additional steps to viewing/using/inspecting base64-encoded data: decode, determine the media type (if possible), and then view/use/inspect. 8. Text formats such as XML and JSON cannot carry binary data. If binary data must be carried by a text format, the binary data can be base64-encoded, thus generating plain text, and then the base64-encoded plain text can be carried by the text format. |