Skip to Content.
Sympa Menu

mace-opensaml-users - RE: RE: Base64 encoding exception

Subject: OpenSAML user discussion

List archive

RE: RE: Base64 encoding exception


Chronological Thread 
  • From: "Richard Gundersen" <>
  • To:
  • Cc:
  • Subject: RE: RE: Base64 encoding exception
  • Date: Tue, 04 May 2004 11:10:23 +0100
I agree

Strings are nicer to use, but arrays are more secure. If you look at any of the LoginModule classes in JAAS for example, they always store passwords as char[] and wipe them as soon as they are able.

-Richard


From: "Konstantin Shmakov"
<>
To:
<>
Subject: RE: RE: Base64 encoding exception
Date: Mon, 3 May 2004 17:02:48 -0700

Pardon for intrusion; but Strings are immutable and I thought this is
the main reason they are not used in cryptographic operations. Besides
inability to set/swap individual bytes one will have hard time even to
erase String object holding an encoded certificate.
Sorry if the comment is out of topic.
--Konstantin

-----Original Message-----
From: Mark Wilcox
[mailto:]
Sent: Monday, May 03, 2004 4:49 PM
To: 'Scott Cantor';
;

Subject: RE: RE: Base64 encoding exception


Here's three ways of looking at it

From an ease of programmer use, String is probably the easiest (not that
getting bytes or converting bytes back into strings is that cumbersome,
though a bit verbose in code).

From a performance and encoding perspective, byte arrays are better.

From a OO perspective, it would be better to pass Base64Encoded objects
with methods that get/set String & byte arrays. I like that idea because
the methods that are using Base64 encoded data can have the assurance
they are using B64 data without having to do any type of checking.

That being said, whatever you have it now, will be fine for 1.0 :).

Mark


> -----Original Message-----
> From: Scott Cantor
[mailto:]
> Sent: Monday, May 03, 2004 7:01 PM
> To:
;


> Subject: RE: RE: Base64 encoding exception
>
> > On a related note, why are the base64 functions based on byte [] on
> > the encoded side ? wouldn't they be more useful if they returned /
> > accepted a string ?
>
> It's been both at various times, and is mostly driven by the base64
> implementation I happened to be using. I'm not sure I see much
> distinction in the functionality, but then I'm not much of a Java
> programmer either. Is there a reason to assume only String is useful
> and force the conversion?
>
> -- Scott



_________________________________________________________________
Sign-up for a FREE BT Broadband connection today! http://www.msn.co.uk/specials/btbroadband


Archive powered by MHonArc 2.6.16.

Top of Page