Passing base64 encoded strings in URL

Question

Is it safe to pass raw base64 encoded strings via GET parameters

User · Answer

I don t think that this is safe because e g  the     character is used in raw base 64 and is also used in differentiating the parameters from the values in an HTTP GET

User · Answer

Its a base64url encode you can try out  its just extension of joeshmo s code above   function base64url encode  data    return rtrim strtr base64 encode  data          -              function base64url decode  data    return base64 decode str pad strtr  data   -           strlen  data    4       STR PAD RIGHT

User · Answer

joeshmo Or instead of writing a helper function  you could just urlencode the base64 encoded string  This would do the exact same thing as your helper function  but without the need of two extra functions    str    Some String     encoded   urlencode  base64 encode   str       decoded   base64 decode  urldecode   encoded

User · Answer

No  you would need to url-encode it  since base64 strings can contain the          and     characters which could alter the meaning of your data - look like a sub-folder   Valid base64 characters are below   ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789

User · Answer

There are additional base64 specs    See the table here for specifics     But essentially you need 65 chars to encode  26 lowercase   26 uppercase   10 digits   62   You need two more            and a padding char       But none of them are url friendly  so just use different chars for them and you re set   The standard ones from the chart above are   -         but you could use other chars as long as you decoded them the same  and didn t need to share with others   I d recommend just writing your own helpers   Like these from the comments on the php manual page for base64 encode   function base64 url encode  input     return strtr base64 encode  input             -       function base64 url decode  input     return base64 decode strtr  input     -

User · Answer

For url safe encode  like base64 urlsafe b64encode      in Python the code below  works to me for 100   function base64UrlSafeEncode string  input       return str replace               -         base64 encode  input

User · Answer

Yes and no  The basic charset of base64 may in some cases collide with traditional conventions used in URLs  But many of base64 implementations allow you to change the charset to match URLs better or even come with one  like Python s urlsafe b64encode     Another issue you may be facing is the limit of URL length or rather     lack of such limit  Because standards do not specify any maximum length  browsers  servers  libraries and other software working with HTTP protocol may define its  own limits

User · Answer

In theory  yes  as long as you don t exceed the maximum url and oor query string length for the client or server   In practice  things can get a bit trickier   For example  it can trigger an HttpRequestValidationException on ASP NET if the value happens to contain an  on  and you leave in the trailing

User · Answer

Introductory Note I m inclined to post a few clarifications since some of the answers here were a little misleading  if not incorrect     The answer is NO  you cannot simply pass a base64 encoded parameter within a URL query string since plus signs are converted to a SPACE inside the   GET global array  In other words  if you sent test php myVar stringwith sign to    test php print   GET  myVar      the result would be  stringwith sign  The easy way to solve this is to simply urlencode   your base64 string before adding it to the query string to escape the       and   characters to     codes  For instance  urlencode  stringwith sign   returns stringwith 2Bsign  When you process the action  PHP takes care of decoding the query string automatically when it populates the   GET global   For example  if I sent test php myVar stringwith 2Bsign to    test php print   GET  myVar      the result would is  stringwith sign  You do not want to urldecode   the returned   GET string as   s will be converted to spaces  In other words if I sent the same test php myVar stringwith 2Bsign to    test php  string   urldecode   GET  myVar     print  string    the result is an unexpected  stringwith sign  It would be safe to rawurldecode   the input  however  it would be redundant and therefore unnecessary

[php] Passing base64 encoded strings in URL

Examples related to php

Examples related to url

Examples related to string

Examples related to get

Examples related to base64