Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Passwords

 
Bob Moranski
Ranch Hand
Posts: 177
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I have this following code I don't quite understand.
1). Is the user info contained all within the first 6 letters of the Authorization header?
2). I can not find documentation to BASE64Decoder. What is it? And what does its decodeBuffer(String) do?

String authorization = request.getHeader("Authorization");
if (authorization == null) {
askForPassword(response);
} else {
String userInfo = authorization.substring(6).trim();
BASE64Decoder decoder = new BASE64Decoder();
String nameAndPassword =
new String(decoder.decodeBuffer(userInfo));
Thanks in advance!
 
Carl Trusiak
Sheriff
Posts: 3341
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I believe your confusion here is caused by you only looking at one side of the picture. What this code is doing is checking to see if this person has accessed a page on your site and logged in yet. If not, it makes them login. When they do, that login will place in the header of the first response the information contained in Authorization including what the first 6 characters are and use Base64Encoder for the remainder. As a guess, the programmers encode this information to make it dificult for anyone snooping the traffic from obtaining someones password. To understand this fuller look at the login class that sets the Authorization information in the header.
BTW Base64Encoder and Base64Decoder are in a sun specific package sun.misc and I don't know if they have released any documentation on it.
Hope this helps
[This message has been edited by Carl Trusiak (edited December 01, 2000).]
 
Bob Moranski
Ranch Hand
Posts: 177
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you so much Carl.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic