Sunday 17 February 2013

Encoding and Decoding


The best security practices concerning to web applications is storing sensitive data like passwords into the database while authenticating.
There are two terms: Encoding and Encryption. Here it is explained about Encoding but not Encryption.
Encoding is used to transform a set of Unicode characters into a sequence of bytes. Where as Decoding is the process of transforming a sequence of encoded bytes into a set of Unicode characters.
The Unicode Standard assigns a code point (a number) to each character in every supported script. A Unicode Transformation Format (UTF) is a way to encode that code point.
The Unicode Standard version 3.2 uses the following UTFs:
  • UTF-8, which represents each code point as a sequence of one to four bytes.
  • UTF-16, which represents each code point as a sequence of one to two 16-bit integers.
  • UTF-32, which represents each code point as a 32-bit integer.
This encoding and decoding can be used to stroe the passords of users in the database table. After encoding a string, it can be get back by decoding it.
A Hash function can also used to secure the data. A hash function is an algorithm that takes a variable-length string as the input and produces a fixed-length binary value (hash) as the output.
But once it is stored in the database ,the original value cannot be retrieved. So it is a one-way function.This can be explained in another aricle.
To secure sensitive data like passwords add some salt(additional string) to the string to be encoded. And while comparing the strings use the same salt by adding to the string and decode it. if both are same ,the result is true otherwise false.

The class used is : System.Text.Encoding
The given simple code encodes and decodes a string. In this example encoding type used is UTF8.You can use any UTF type like 8, 16, 32.

private string EncodeData(string sData)
{
try
{
byte[] toencodeData = new byte[sData.Length];
toencodeData = System.Text.Encoding.UTF8.GetBytes(sData);
//encodes all the characters into a specified sequence of bytes
string encodedData = Convert.ToBase64String(toencodeData);
return encodedData;
}
catch (Exception ex)
{
throw new Exception("Error in EncodeData" + ex.Message);
}
}
public string DecodeData(string sData)
{
System.Text.UTF8Encoding utf8encoder = new System.Text.UTF8Encoding();
System.Text.Decoder utf8Decoder = utf8encoder.GetDecoder();
byte[] tobedecode_byte = Convert.FromBase64String(sData);
//converts the specified System.String,which encode binary data as base 64 digits,to an equivalent 8-bit unsigned integer array
int char_Count = utf8Decoder.GetCharCount(tobedecode_byte, 0, tobedecode_byte.Length);
//calaculates the number of characters produced by decodeing a sequence of bytes from the specified byte array

char[] decoded_char = new char[char_Count];

utf8Decoder.GetChars(tobedecode_byte, 0, tobedecode_byte.Length, decoded_char, 0);
//Decodes a sequence of bytes from the specified byte array and any butes in the internal buffer into the specified character array
string resultstring = new String(decoded_char);
return resultstring;
}

No comments:

Post a Comment