tl;dr: Check out transformtool.codeplex.com for an offline alternative to the online Base64 decoders.Google's keyword tool reports 9,900 monthly searches for "base64 decode online". How many of these searches lead to disclosure of sensitive business information, or personal information (PII) to one of the Base64 decoding webpages? None of these searches are from IT-professionals trying to figure out what's wrong in a production system, right?
 |
| Top Google results for "base64 decode online" at time of writing |
Doing a quick review of the top ten results of a Google search for base64 decode online I found that none of the online base64 decoders offered secure communications to the server by default (i.e. no HTTPS). That means that whatever data you're sending over the wire is not protected by end-to-end encryption, so you cannot guarantee the confidentiality while it's in transit. Note also that it's no longer Base64 encoded when you get the response back, then it's human readable and can be easily recognized as sensitive information.
The Base64 decoding websites contain no information on whether they might use the data for any purpose, or if the data you send to them is stored in any way on the server(s). So you have no guarantees for the information's confidentiality on the server either. Unless you check specifically (every time!), you have no idea where the sites' web servers are located. In effect you might be shipping company data out of the country. Explain that to the compliance department...
What should you do?
You should install an application locally that lets you decode the data. Web application security proxies such as Burp and Fiddler support Base64 encoding/decoding, and they're also great debugging tools for web applications. However, they might need administrator rights to install properly.
TransformTool is an encoding/decoding tool that supports Base64 (disclaimer: I wrote it). It installs locally and runs with restricted privileges. The installation is simple, and does not require administrator privileges on the computer.
So, find a trustworthy tool that installs locally on your computer. Use that for your Base64 decoding needs instead of sharing the data on the Internet!
I don't know about Fiddler, but Burp Suite definitely does not require administrator rights to install (it's more or less just a .jar file that you run).
ReplyDeleteOk, thanks! As you can see from my previous post, I've uninstalled Java. So I wouldn't know. :)
ReplyDeleteMost Linux distributions comes preinstalled with the "base64" commandline tool. It's even part of the Linux in your browser distribution at http://bellard.org/jslinux/. This means you can do fun things like pasting "c2VjcmV0Cg==" into the clipboard and issuing the command "base64 -d /dev/clipboard".
ReplyDeleteSince it runs entirely within a temporary virtual machine executing locally, no content sent anywhere or is stored anywhere. If you're not willing to trust that Bellard hasn't added any malicious code to the JSLinux you can disable the network after loading up the page.
Cool! Hadn't seen that one. I'm not sure disabling the network would be a viable option, wouldn't that break the Facebook updates? :)
ReplyDeleteI guess Cygwin includes the base64 command line tool too, which would be useful for working with (large) files on a Windoze installation.
Running Linux in the browser made me, well, miss Linux... Thanks a lot.
FYI: There is one online Base64 decoder that does offer secure SSL secure transfer and a decent privacy policy. Check out this one:
ReplyDeleteSecure Base64 Decoder
Hi, thanks for the tip!
DeleteStill, I'll have to stick with my recommendation of finding a tool that can do this locally for you. If you're working with PII or other sensitive data it's not a great idea to post it to some site abroad. :)
louis vuitton outlet
ReplyDeletenike running
vans shoes
oakley store
ray ban sunglasses
oakley canada
ralph lauren outlet
chaussures christian louboutin
borse louis vuitton
mlb jerseys
chenlina20170421
Wanna know more about cell phone lookup by name? Read information here.
ReplyDeleteHi, Great.. Tutorial is just awesome..It is really helpful for a newbie like me.. I am a regular follower of your blog. Really very informative post you shared here. Kindly keep blogging. If anyone wants to become a Java developer learn from Java Training in Chennai. or learn thru Java Online Training from India . Nowadays Java has tons of job opportunities on various vertical industry.
ReplyDeleteLOOKING FOR SOMEONE WRITE All ASSIGNMENT HELP
ReplyDeleteFor getting the best essays written hire the Professional Essay Writers of all assignment help.com who have knowledge in every field to write the best essays for you.Expert assignment helpers of All Assignment Help are well efficient and capable of creating unique assignments for college or university students all across the globe.
Allassignmenthelp best for assignment writing and always provide top-quality paper. We at Top Quality Assignment believe that there is no shortcut to success and to attain success, hard work, dedication, and commitment must be present.AllAssignmentHelp reviews best in writing unique assignment.
ReplyDelete