Hi Manuranga, This is not because of a security reason. The security question set id may contains html special characters. So the set id is sent to the UI after encoding to Base64.
Thanks! *Jayanga Kaushalya* Software Engineer Mobile: +94777860160 <+94%2077%20786%200160> WSO2 Inc. | http://wso2.com lean.enterprise.middleware On Tue, Jan 31, 2017 at 10:42 PM, Manuranga Perera <[email protected]> wrote: > > ---------- Forwarded message ---------- > From: Manuranga Perera <[email protected]> > Date: Tue, Jan 31, 2017 at 5:11 PM > Subject: Security questions are encoded > To: Johann Nallathamby <[email protected]>, Jayanga Kaushalya < > [email protected]>, Isura Karunaratne <[email protected]> > > > Security questions are base64 encoded [1]. If they are encrypted (eg: RSA) > or hashed (eg SHA) I can understand that it's for security reasons. All > this does is obfuscation, poorly even at that, since base64 can be easily > decoded. > > Or is it done for non-security reasons, like escaping special characters? > > [1] https://github.com/wso2/product-is/blob/6.0.x-C5_m3/portal/o > sgi-services/org.wso2.is.portal.user.client.api/src/main/ > java/org/wso2/is/portal/user/client/api/ChallengeQuestionMa > nagerClientServiceImpl.java#L113 > > -- > With regards, > *Manu*ranga Perera. > > phone : 071 7 70 20 50 > mail : [email protected] > > > > -- > With regards, > *Manu*ranga Perera. > > phone : 071 7 70 20 50 > mail : [email protected] > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
