Comments on Minded Security Blog: Is Php the only language doing flexible Base64 dec...

Hey Mate, I've just checked a few oth...

2010-04-25T15:40:25.780-07:00

Hey Mate,
I've just checked a few other Java Base64 implementations.Here you have:

public class Main {

public static void main(String[] args) throws IOException {
String token="a.GVsbG8gd29ybGQ=";

// 1 - com.Ostermiller.util.Base64
System.out.println("1 - "+com.Ostermiller.util.Base64.decode(token));
// 2 - sun.misc.BASE64Decoder !deprecated!
System.out.println("2 - "+new BASE64Decoder().decodeBuffer(token));
// 3 - com.sun.faces.util.Base64
System.out.println("3 - "+com.sun.faces.util.Base64.decode(token.getBytes()));
// 4 - org.apache.axis.utils.Base64
System.out.println("4 - "+org.apache.axis.utils.Base64.decode(token.getBytes()));

//run:
//1 - hello world
//2 - [B@1d8957f
//3 - [B@1abab88
//4 - [B@16cd7d5
}
}

Hi Andrew thanks :) that exactly fit my toughts. ...

2010-04-23T04:45:40.823-07:00

Hi Andrew thanks :)

that exactly fit my toughts.
It to some extent similar to the concept I tried to focus when talking about Hpp.

The good update is that probably in the next release of ModSecurity we will have two Base64 decoders strict and flexible ;)

Stefano

2010-04-23T04:36:59.885-07:00

This comment has been removed by a blog administrator.

http://www.ietf.org/rfc/rfc2045.txt Page 25: Any c...

2010-04-22T04:32:19.103-07:00

http://www.ietf.org/rfc/rfc2045.txt
Page 25:
Any characters outside of the base64 alphabet are to be ignored in base64-encoded data.
...
That's about the rfc.
(found on org.apache.commons.codec.binary.Base64 implementation)