[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Seek your help in compiling a list of "facts about base64-encodeddat

  • From: "Costello, Roger L." <costello@mitre.org>
  • To: "xml-dev@lists.xml.org" <xml-dev@lists.xml.org>
  • Date: Sat, 16 Sep 2017 13:09:01 +0000

RE: Seek your help in compiling a list of "facts about base64-encodeddat
Hi Folks,
Thank you for your excellent comments. I added them to my list. Below is the updated list. Is it missing anything?  /Roger
Here are some things to know about base64:
1.       Base64 encoding is specified in RFC 4648.
2.       Base64-encoded data is plain text. 
3.       There are several base64 alphabets:
a.       The standard base64 alphabet consists of these 64 ASCII characters: a-z, A-Z, 0-9, +, / and the equals symbol ( = ). 
b.       In the URL and Filename safe base64 alphabet, the plus symbol ( + ) is replaced with a minus sign ( - ) and the forward slash symbol ( / ) is replaced with an underscore symbol ( _ ).  
c.       Other base64 alphabets are called non-standard, or custom, base64 alphabets.
d.       As a common extension, base64 can also contain arbitrary whitespace, which is ignored.
4.       Any type of file, from plain text to binary executable, can be base64-encoded. 
5.       Base64-encoding enables binary objects to be transported using text-based protocols, such as SMTP.
6.       People have created regular expressions that specify the pattern of base64 text. It is possible for text to match the regular expression and yet not be base64. That is, text that appears to be base64, may not be.
7.       External information must be provided to tell whether text is base64.
8.       If external information says that text is base64, the external information might be incorrect, either by accident or by intent.
9.       Performing base64 decoding on data that is not base64 might cause harm. 
a.       Is there a way to perform base64 decoding that is guaranteed to never cause harm?
10.   There is nothing in base64-encoded data which identifies the media type of the data. External information must be provided to tell the media type. Without external information, the media type must be discovered (if possible).
11.   If there is external information about the media type of the data, the external information might be incorrect, either by accident or by intent.
12.   Processing an object, assuming it is of media type A when it is actually of media type B, might cause harm. 
13.   Decoding base64 text is a trivial task. 
14.   Data that is base64-encoded cannot be directly viewed, used, or inspected.
15.   Compared to data that is not encoded, viewing/using/inspecting base64-encoded data requires an additional step: decode and then view/use/inspect. 
16.   Without external information about the media type of the data that is base64-encoded, there are two additional steps to viewing/using/inspecting base64-encoded data: decode, determine the media type (if possible), and then view/use/inspect.
17.   Text formats such as XML and JSON cannot carry binary data. If binary data must be carried by a text format, the binary data can be base64-encoded, thus generating plain text, and then the base64-encoded plain text can be carried by the text format.
18.   The size of base64-encoded data is roughly 4/3 the size of the original data. 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]


Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
First Name
Last Name
Subscribe in XML format
RSS 2.0
Atom 0.3

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.

Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.