{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 手持菜刀,她持情操 的问题《Base64 encoding in HTTP Basic Auth》','https://www.manongdao.com/q-356577.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am wondering what is the purpose of encoding the String: "login:password" in base 64 when using HTTP Basic Auth.
- Base 64 is usually used to send binary data through ASCII only protocols. But the login:password is already a String
- It does not add any level of security
- The output is longer than the input, so it does not improve performances
I am probably missing something since it does currently seems to me that this encoding just adds an unneeded layer of complexity.
Thank you
My first thought is that it's encoded in Base64 simply to make it less blatantly obvious that it's actually a username and a password.
Secondly, people can put all sorts of strange characters in their passwords -- encoding it in Base64 puts the data in a format that is less "messy", if you will.
Also, the length of the output in the Base64 string is fairly negligible; a couple extra packets of data isn't going to degrade performance any noticeable amount.
From Wikipedia:
Wikipedia seems to confirm my initial thoughts. Cheers!
The encoding with base64 is usually followed up by connecting through an SSL connection, which will then encrypt the encoded username and password for additional security.
From http://en.wikipedia.org/wiki/Basic_access_authentication