Re: [xml-dev] Seek your help in compiling a list of "facts about base64-encoded data"

Points 1->8 make sense to me. But I don't see Base64 as a security risk in and of itself: risk depends on the security model of the receiving application processing that data.  I also don't see it as a privacy mechanism: base64 is easy to decode, so doesn't effectively anything.

As for good/bad - that too depends. Good if you want / need to encode arbitrary data as plain text using just ASCII characters. Not so good if you're trying for small files and don't care about embedding in a text file.

On 14-Sep-17 9:09 AM, Costello, Roger L. wrote:

Hi Folks,


Is base64 encoded data good? Bad? A security risk? A simple mechanism for data privacy? It is probably all of those. Below I have attempted to objectively state the facts. Am I missing any facts?  /Roger
1. Base64-encoded data is plain text, consisting of these 64 ASCII characters: a-z, A-Z, 0-9, +, / and the equals symbol ( = ).
2. Any type of file, from plain text to binary executable, can be base64-encoded.
3. There is nothing in base64-encoded data which tells the media type of the data. External information must be provided to tell the media type. Without external information, the media type must be discovered (if possible).
4. Decoding base64 text is a trivial task.
5. Data that is base64-encoded cannot be directly viewed, used, or inspected.
6. Compared to data that is not encoded, viewing/using/inspecting base64-encoded data requires an additional step: decode and then view/use/inspect.
7. Without external information about the media type of the data that is base64-encoded, there are two additional steps to viewing/using/inspecting base64-encoded data: decode, determine the media type (if possible), and then view/use/inspect.
8. Text formats such as XML and JSON cannot carry binary data. If binary data must be carried by a text format, the binary data can be base64-encoded, thus generating plain text, and then the base64-encoded plain text can be carried by the text format.

Ian Graham // <http://www.iangraham.org> 
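
The decode-then-identify sequence from points 3, 4 and 7 of the quoted list, as an added Python example that is not part of either message. The magic-byte table and the function names are assumptions chosen for illustration, and the sample strings are constructed.

```python
import base64
import binascii

# Constructed sample of leading "magic" bytes; not a complete registry.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
    (b"\x1f\x8b", "application/gzip"),
    (b"MZ", "application/vnd.microsoft.portable-executable"),
    (b"<?xml", "application/xml"),
]

def decode_strict(text):
    """Decode base64, rejecting out-of-alphabet characters and bad padding."""
    compact = "".join(text.split())  # carried base64 is often line-wrapped
    try:
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not valid base64: {exc}") from exc

def sniff_media_type(data):
    """Guess the media type from the leading bytes; None if nothing matches."""
    for magic, media_type in MAGIC:
        if data.startswith(magic):
            return media_type
    try:
        data.decode("utf-8")
        return "text/plain"
    except UnicodeDecodeError:
        return None

def inspect(text):
    """Return (guessed media type, decoded length) for a base64 string."""
    data = decode_strict(text)
    return sniff_media_type(data), len(data)

if __name__ == "__main__":
    # Constructed samples: a PDF header, a PE header start, text, unknown bytes.
    for sample in ("JVBERi0xLjc=", "TVqQAAMAAAAEAAAA", "aGVsbG8=", "//4A"):
        print(sample, "->", inspect(sample))
```

A receiving application can run this kind of check before handing the decoded bytes to anything that trusts a declared media type, since the base64 text itself carries none.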
