Chapter 4: Programmatic Security
If you care about the details, base64 encoding is explained in RFC 1521. To
retrieve Requests for Comments (RFCs), start at http://www.rfc-editor.org/ to get a
current list of the RFC archive sites. However, there are probably only two things
you need to know about base64 encoding.
First, it is not intended to provide security, as the encoding can be easily reversed.
So, base64 encoding does not obviate the need for SSL (see Section 3.3) to thwart
attackers who might be able to snoop on your network connection (no easy task
unless they are on your local subnet). SSL is a variation of HTTP where the entire
stream is encrypted. It is supported by many commercial servers and is generally
invoked by use of https in the URL instead of http. Servlets can run on SSL servers
just as easily as on standard servers, and the encryption and decryption are handled
transparently before the servlets are invoked. See Chapter 3 (Declarative Security)
for examples.
The second point you should know about base64 encoding is that Sun provides
the sun.misc.BASE64Decoder class, distributed with JDK 1.1 and later, to
decode strings that were encoded with base64. In JDK 1.3 or later it can be found in
the sun.misc package in jdk_install_dir/jre/lib/rt.jar. Just be aware that classes in
the sun package hierarchy are not part of the official language specification and thus
are not guaranteed to appear in all implementations.
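
Both points can be seen in a few lines. The following is an added example, not code from the book: it assumes the base64 string is the user:password value of an HTTP Basic Authorization header, and it uses java.util.Base64, the standard-library decoder available since Java 8, in place of sun.misc.BASE64Decoder. The class name, sample credentials and UTF-8 charset are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthDecode {

    /**
     * Decodes the value of an "Authorization: Basic ..." header.
     * Returns {user, password}, or null if the value is not well formed.
     */
    static String[] decode(String authorization) {
        if (authorization == null) return null;
        String[] parts = authorization.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return null; // characters outside the base64 alphabet, or bad padding
        }
        // Assumption: credentials are UTF-8 text.
        String userInfo = new String(raw, StandardCharsets.UTF_8);
        // Split on the first colon only: the password may itself contain ':'.
        int colon = userInfo.indexOf(':');
        if (colon < 0) return null;
        return new String[] { userInfo.substring(0, colon), userInfo.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample credentials, encoded the way a browser would send them.
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cret:pw".getBytes(StandardCharsets.UTF_8));
        System.out.println("Header as sent:  " + header);

        // No key is involved: anyone who can read the header can reverse it.
        String[] creds = decode(header);
        System.out.println("Recovered user:  " + creds[0]);
        System.out.println("Recovered pass:  " + creds[1]);

        // Malformed values are rejected instead of throwing inside the servlet.
        String noColon = Base64.getEncoder()
                .encodeToString("nocolon".getBytes(StandardCharsets.UTF_8));
        System.out.println("Wrong scheme:    " + (decode("Bearer abc") == null));
        System.out.println("Invalid base64:  " + (decode("Basic %%%") == null));
        System.out.println("Missing colon:   " + (decode("Basic " + noColon) == null));
    }
}
```

Because decoding needs no secret, the only protection for credentials sent this way is the encrypted transport described above.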