[Yanel-dev] YanelServlet, Base64 and Sun private code
Guillaume Déflache
guillaume.deflache at wyona.com
Wed Sep 2 12:41:41 CEST 2009
Hi!
YanelServlet currently uses sun.misc.BASE64Decoder internally for HTTP
Basic Authentication.
In case you don't know why it's a bad idea to use "sun.*" packages,
please read http://java.sun.com/products/jdk/faq/faq-sun-packages.html
Basically this is not guaranteed to be backward-compatible. And also
apparently some security managers' configurations (e.g. on some cloud
platforms maybe?) forbid their use.
This class seems to be the only case in Yanel trunk and contributions'
code ATM.
As a alternative one should use a library.
Choices are (in order of decreasing relevance IMHO):
1) Apache Commons codec, which the Yanel webapp does do not depend on yet
2) javax.mail.internet.MimeUtility from Java Mail, which the Yanel
webapp does not depend on yet
3) org.bouncycastle.util.encoders.Base64 which seems not be in the main
Maven 2 repo but AFAICS we never used it in Yanel yet AFAIK
http://www.nabble.com/Alternatives-for-Base64Decoder-and-Base64Encoder--td16146654.html
5) https://base64.dev.java.net/ which is licensed under SCSL (is that
Apache-compatible?) and seems not be in the main Maven 2 repo
6) if speed is a concern we might have a look at
http://migbase64.sourceforge.net/ which is not in Maven repo but is
BSD-licensed and does not do anything else
See http://www.rgagnon.com/javadetails/java-0598.html for more details
on some of these.
See also the original sun bug:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4235519
Which one should we use?
Cheers,
Guillaume
More information about the Yanel-development
mailing list