Does ASIHTTPRequest use Base64 encoding for username and password? On the webpage I only found out that the username/password is in plain text if SSL is not used.
Basic authentication always uses base64 encoding, and hence ASIHTTPRequest uses base64 for basic authentication.
This is often described as passing the username/password in "plain text" as base64 is trivial to decode.
If you use basic authentication over https, then the base64 part containing the username/password is passed over the encrypted https connection, so is no longer in "plain text".
ASIHTTPRequest uses an encoding; if you have not specified anything, the default will be NSISOLatin1StringEncoding.
I am sure it supports NSUTF8StringEncoding.
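The point made in the answers above, as an added example that is not part of the original thread: a Basic `Authorization` header is reversed with no key at all, and the bytes on the wire depend on the string encoding the client used. The function names and the sample credentials are constructed for illustration; the `Aladdin` header in the usage note is the well-known RFC 7617 example.

```python
import base64


def build_basic_header(username, password, charset="utf-8"):
    """Build the value a client sends for HTTP Basic authentication."""
    raw = f"{username}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(value, charset="utf-8"):
    """Recover (username, password) from an Authorization header value.

    No secret is involved: base64 is an encoding, so anyone who can read
    the header (for example on a connection without TLS) can do this.
    """
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    raw = base64.b64decode(token.strip(), validate=True)
    try:
        text = raw.decode(charset)
    except UnicodeDecodeError:
        # The client may have used ISO-8859-1 (Latin-1) instead of UTF-8.
        # Latin-1 maps every byte to a character, so this cannot fail.
        text = raw.decode("iso-8859-1")
    # Split on the first colon only: the password may itself contain ':'.
    username, sep, password = text.partition(":")
    if not sep:
        raise ValueError("credentials are missing the ':' separator")
    return username, password


if __name__ == "__main__":
    # Constructed credentials with a non-ASCII character in the password.
    for cs in ("utf-8", "iso-8859-1"):
        header = build_basic_header("alice", "p:\u00e4ssword", cs)
        print(cs, header, parse_basic_header(header))
```

The two printed header values differ even though the credentials are the same, which is why client and server have to agree on the encoding; confidentiality comes only from the TLS connection carrying the header.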
I have set up TLS to transfer passwords securely. Now I wonder if it is overkill to use form (POST) with enctype = "urlencoded" as also a layer of "protection"? (I know anyone can decode this). The other option is POST with enctype = "multipart" which is transparent / readable directly.
Appreciate all points of view
Encoding in this case is not a security feature (i.e. it has nothing to do with security). It doesn't matter how you encode the password; the only purpose of such encoding is to be able to transmit it in a valid HTTP request, considering all the special characters it may have and so on. Security (encryption, server authentication, etc.) is provided by TLS under HTTP.
I have just started working with SAML SSO and have some confusion that I would like to clear up.
- If I have to encode the AuthnRequest with three mechanisms (Deflate encode, Base64 encode, URL encode), do I have to use HTTP-Redirect to send the message request?
- I refer to https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf page 16 for the HTTP-Redirect Binding.
- If I am using the HTTP-Redirect Binding, do I have to provide all 4 parameters SAMLRequest=value&RelayState=value&SigAlg=value&Signature=value, or are just the two parameters SAMLRequest=value&RelayState=value already enough to send the request to the IdP?
> If I have to encode AuthnRequest with three mechanisms Deflate encode,
> Base64 encode, URL encodes. Do I have to use HTTP-Redirect to send
> message request? - I refer to
> https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf
> page 16 for HTTP-Redirect Binding. - If I using HTTP-Redirect Binding.
Yes, that's the requirement, because in HTTP-Redirect you send the request as a URL parameter and hence need to minimize its length/size.
> Do I have to provide all 4 parameters
> SAMLRequest=value&RelayState=value&SigAlg=value&Signature=value or
> just two parameters SAMLRequest=value&RelayState=value I already have
> enough condition to send request to IdP.
That depends on what is required by the IdP, but SAMLRequest is mandatory AFAIK.
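The encoding chain discussed in this thread (DEFLATE, then Base64, then URL-encoding), as an added example that is not part of the original posts. The IdP URL, the minimal AuthnRequest and the function names are constructed for illustration; the last function builds the string that gets signed when `SigAlg` and `Signature` are sent, without performing the signing itself.

```python
import base64
import zlib
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Constructed sample request; a real one carries Issuer, Destination, etc.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>'
)
SIG_ALG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"


def redirect_encode(xml):
    """Raw DEFLATE (no zlib header), then base64. URL-encoding comes last."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw DEFLATE
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    return base64.b64encode(deflated).decode("ascii")


def redirect_decode(value):
    """Inverse of redirect_encode, applied after the URL-decoding step."""
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")


def build_redirect_url(sso_url, xml, relay_state=None):
    """Unsigned form: SAMLRequest plus an optional RelayState."""
    params = [("SAMLRequest", redirect_encode(xml))]
    if relay_state is not None:
        params.append(("RelayState", relay_state))
    return sso_url + "?" + urlencode(params, quote_via=quote)


def signed_octets(xml, relay_state, sig_alg):
    """String covered by the signature: the URL-encoded parameters in the
    fixed order SAMLRequest, RelayState (if present), SigAlg."""
    parts = ["SAMLRequest=" + quote(redirect_encode(xml), safe="")]
    if relay_state is not None:
        parts.append("RelayState=" + quote(relay_state, safe=""))
    parts.append("SigAlg=" + quote(sig_alg, safe=""))
    return "&".join(parts)


if __name__ == "__main__":
    url = build_redirect_url("https://idp.example.test/sso",
                             SAMPLE_AUTHN_REQUEST, "/app/home")
    print(url)
    print(redirect_decode(parse_qs(urlsplit(url).query)["SAMLRequest"][0]))
```

None of the three steps protects the request: anyone holding the URL can run `redirect_decode` on it, so integrity comes from the signature parameters and confidentiality from TLS.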
I'm pulling some mail from the Gmail API. I've got some sample body text here. This is after base-64 decoding. This is the body of a sample email from my inbox.
Mobile Web Developer - new
Moovweb
http://www.glassdoor.com/partner/jobListing.htm?pos=101&ao=77320&s=224&guid=00000152113cfb4fa8f086376239205e&src=GD_JOB_AD&t=JA&extid=13&exst=O&ist=&ast=O&vt=e&ja=23120341&uido=50A7E22F0FAE3A77415539AAADB05038&slr=false&cb=1451988155901&jobListingId=1579397251&utm_medium=email&utm_source=jobalert&utm_campaign=jobAlertAlert&utm_content=ja-viewjob&encryptedUserId=50A7E22F0FAE3A77415539AAADB05038
Web Developer - new
Applied Systems
http://www.glassdoor.com/partner/jobListing.htmÃœÃLL‰˜[ÃMŒŽIÅ“ÃLŒ￾ â„¢ÃZYLMLÅ’LLØÙ˜￾˜NÅ’
Å’ÃÃÅ’Å’ÃŽLÅ’
YIœÜ˜ÃQÑғ×ÃQ ￾R￾Iâ„¢^YLLÉ™^ÃSÉš\ÃIËœ\ÃSÉ￾￾YIÅ¡ËœOLÅ’ÃŒLÅ’ÃI￾ZYÃMLMÑLŒ‘Œ￾QLÃMÃÃMMLÃŽPPPQÅ’
LÎ œÛ￾Y˜[ÙI˜Ø￾LM
LNNMMNLŽIš›Ø“\Ã[™ÒYLMLN
LŽ
As you can see, after base-64 decoding it, part of it is decoded correctly, such as the title and the URL. The garbage below is the content that was originally HTML and CSS, I believe, so it makes sense that it would have been encoded differently on Google's side. Does anyone know what encoding this is?
I've tried:
`mb_convert_encoding($body_string, "UTF-8", "Windows-1252");`
and
`mb_convert_encoding($body_string, "UTF-8", "ISO-8859-1");`
With no luck.
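An added example, not part of the original question: the Gmail API documents message body data as base64url, which uses `-` and `_` in place of `+` and `/`. Assuming the body above was run through a lenient standard-alphabet decoder that skips characters it does not know, the sketch below reproduces the symptom on a constructed message; the sample body and function names are made up for illustration.

```python
import base64
import string

STD_ALPHABET = set(string.ascii_letters + string.digits + "+/")

# Constructed sample body: a plain-text part followed by HTML.
SAMPLE_BODY = (
    b"Web Developer - new\nAcme\n"
    b"http://example.test/jobListing.htm?pos=101&src=mail\n"
    b"<html><body><p>Apply now</p></body></html>\n"
)
# What the API would return for it: base64url, here without '=' padding.
SAMPLE_DATA = base64.urlsafe_b64encode(SAMPLE_BODY).decode("ascii").rstrip("=")


def decode_base64url(data):
    """Correct decoding: URL-safe alphabet, padding restored if stripped."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def decode_as_standard_lenient(data):
    """Emulates a lenient standard-alphabet decoder: characters outside
    A-Z a-z 0-9 + / are dropped, which shifts every later 6-bit group."""
    kept = "".join(c for c in data if c in STD_ALPHABET)
    if len(kept) % 4 == 1:          # a lone trailing symbol carries no byte
        kept = kept[:-1]
    return base64.b64decode(kept + "=" * (-len(kept) % 4))


def common_prefix_len(a, b):
    """Number of leading bytes on which a and b agree."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    wrong = decode_as_standard_lenient(SAMPLE_DATA)
    n = common_prefix_len(wrong, SAMPLE_BODY)
    print("readable prefix:", SAMPLE_BODY[:n])
    print("then garbage   :", wrong[n:n + 24])
    print("base64url OK   :", decode_base64url(SAMPLE_DATA) == SAMPLE_BODY)
```

In ASCII text the first `-` or `_` is produced by a `?`, `>` or `~` that falls on the third byte of a 3-byte group, so the output stays readable up to that character and is misaligned afterwards.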
Special characters in the password are converting the URL into a string and truncating the URL after the password.
Here is what I am using
webbrowser.navigate("http://username:pww#word#www.something.com")
when I see the above request in the VS browser it is like ..
http://username:pww
and the result is "Page Not Found".
When there is no special character in the password, the link works fine without any issues. Please help. Thanks in advance.
webbrowser.navigate("http://username:pww%40word#www.something.com")
Please use HTTP POST instead of HTTP GET to send passwords to your website. Special characters don't matter so much with POST, and it's somewhat more secure (user's neighbor can't see the password in the URL bar).
If you must use GET, URL-encode the password. For example, you can replace "#" with "%40". For C#, see HttpUtility.UrlEncode. You'll probably need to encode username and password separately, and then build the URL.
Using SMTP, how do you send Unicode/UTF-8 e-mails?
Am I expected to base64 encode the UTF-8 body and specify that in the MIME header or...? How about the headers?
I'm sure there's a standard somewhere that describes this...
Check out the RFC 2047.