Black Hat Physical Device Security: Exploiting Hardware and Software

Because so many engineers today fail to differentiate between encoding and encryption, I cannot stress enough the importance of the difference between the two. Encoding is not encryption! XOR, for example, is not a solution for turning data into secure data. No hidden trickery will ever make any type of encoding a secure method of hiding sensitive data. Encoding is specifically intended to convert a piece of data into a form for a specific use. Base64, MIME, and Uuencode are examples of encoding algorithms.
Many Hypertext Transfer Protocol (HTTP) proxies were specifically designed not to pass binary data. Or rather, they were designed to pass ASCII data, which may or may not have been a functional oversight. They only allowed specific ASCII data subsets and/or specific text characters. Base64 encodes bytes with values from 0x00 to 0xFF into a string that is represented as text characters. I've seen Base64-encoded passwords stored in HTTP cookies as a method to hide the passwords and keep them secret. These methods are severely lacking, and often the developers actually believe that this is encrypted data because many books and schools teach encoding as encryption.
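The following Python sketch is an added example, not code from the book: it audits a Cookie header for values that Base64 alone reverses, and shows that a repeating-key XOR drops out when two encoded values are XORed together. The cookie names, the sample password, and the XOR key are constructed for illustration.

```python
import base64
import binascii


def decode_if_base64(value: str):
    """Return the text behind a Base64 value, or None if it is not Base64 of printable ASCII."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Random tokens often happen to be valid Base64; only report readable plaintext.
    if not raw or not all(0x20 <= b < 0x7F for b in raw):
        return None
    return raw.decode("ascii")


def audit_cookie_header(header: str) -> dict:
    """Map cookie name -> recovered plaintext for values protected by encoding only."""
    findings = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if not sep:
            continue
        text = decode_if_base64(value)
        if text is not None:
            findings[name] = text
    return findings


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: an encoding, and its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


# Constructed sample input: one cookie holds a Base64-encoded password.
SAMPLE_HEADER = "session=8f3a1c; pw=aHVudGVyMg==; theme=dark"
# Constructed XOR key and plaintexts of equal length.
SAMPLE_KEY = b"\x5a\xc3\x17"
P1, P2 = b"user=alice", b"user=bobby"

if __name__ == "__main__":
    print(audit_cookie_header(SAMPLE_HEADER))
    c1, c2 = xor_encode(P1, SAMPLE_KEY), xor_encode(P2, SAMPLE_KEY)
    # The key cancels: c1 XOR c2 equals p1 XOR p2, so shared prefixes show up as zeros.
    print(xor_bytes(c1, c2).hex())
```

No key is involved in recovering the cookie value, and the XOR output depends only on the two plaintexts, which is why neither scheme counts as encryption.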
If you are able to view encoded data, then after trying the commonly implemented basic decoding methods to get the plaintext data, you can often perform basic differential analysis to determine what the encoded data contains. Good examples are engineer-created data manipulation schemes that may make data appear unpredictable, meaning a user couldn't...