Passing Base64 Encoded Strings in Url

Passing base64 encoded strings in URL

No, you would need to url-encode it, since base64 strings can contain the "+", "=" and "/" characters which could alter the meaning of your data - look like a sub-folder.

Valid base64 characters are below.

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=

Issue with Base64-encoded parameter in query string

You should URL encode the confirm parameter. The error you get is because of the last == fragment.

For this use HttpServerUtility.UrlEncode or similar framework methods.

passing base64 string in url

Under Apache, the limit is a configurable value, LimitRequestLine. Change this value to something larger than its default of 8190 if you want to support a longer request URI.

However, note that if you're actually running into this limit, you are probably abusing GET to begin with. You should use POST to transmit this sort of data -- especially since you even concede that you're using it to update values. If you check the link above, you'll notice that Apache even says "Under normal conditions, the value should not be changed from the default."

Safely sending base64 encoded string as query parameter

The server is probably interpreting the + sign as a space because it is often used in query parameters as a substitute for a space. addPercentEncoding isn't going to help you because it only translates non ASCII characters.

You'll need to manually replace + with %2B as you are doing.

.... although

NSString has a version of addPercentEncoding that also takes a CharacterSet as a parameter. So you could create a Characterset with all the base64 characters in it except + using init(charactersIn:) i.e.

let safeChars = Characterset(charactersIn: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrtuvwxyz0123456789/=")

Base64 encoded String URL friendly

If you would not replace the characters they could get misinterpreted, like pointed out in this answer. This would result in either displaying wrong content or more likely displaying nothing.

For explanation:

In URLs the follwing characters are reserved: : / ? # [ ] @ : $ & ' ( ) * + , ; =

Like pointed out in this answer you need 65 characters to encode data, but the sum of uppercase-, lowercase characters and digits is only 62. So it needs three additional characters which are + = /. These three are reserved. So you need to replace them. As of right now I am not entirely sure about -.

Using base64 encoded string URL

I strongly recommend Joe Riggs' Create URL Safe Encrypted String.

The supplied code is in procedural, but is extremely simple to convert to OO. I have used it to do what you are doing in which some information (usually a hash of the user's email and id) is encoded/encrypted for the user to click on to activate their account.

The functions you want to look at are url_base64_decode and url_base64_encode, in which certain characters are rewritten to be url safe (for example, removing / and replacing it with ~).

[edit]

Here is a codepad of my class based on the above code: http://codepad.org/lzevA4k1

Usage:

$cryptUtil = new RPK_Crypt();
$string = 'Unencrypted string';
$eString = $cryptUtil->encrypt($string);
$dString = $cryptUtil->decrypt($eString);
var_dump($dString == $string); //true

---

Related Topics