Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Passing base64 encoded strings in URL

Is it safe to pass raw base64 encoded strings via GET parameters?

like image 268
Alix Axel Avatar asked Sep 03 '09 17:09

Alix Axel


People also ask

Can you use Base64 in url?

Base64 is a group of binary-to-text encoding schemes that represent binary data in an ASCII string format by translating it into a radix-64 representation. By consisting only of ASCII characters, base64 strings are generally url-safe, and that's why they can be used to encode data in Data URLs.

What is Base64 encoding url?

Base 64 Encoding The Base 64 encoding is designed to represent arbitrary sequences of octets in a form that allows the use of both upper- and lowercase letters but that need not be human readable. A 65-character subset of US-ASCII is used, enabling 6 bits to be. represented per printable character.

Why does Base64 strings end with ==?

From Wikipedia: The final '==' sequence indicates that the last group contained only one byte, and '=' indicates that it contained two bytes.


1 Answers

There are additional base64 specs. (See the table here for specifics ). But essentially you need 65 chars to encode: 26 lowercase + 26 uppercase + 10 digits = 62.

You need two more ['+', '/'] and a padding char '='. But none of them are url friendly, so just use different chars for them and you're set. The standard ones from the chart above are ['-', '_'], but you could use other chars as long as you decoded them the same, and didn't need to share with others.

I'd recommend just writing your own helpers. Like these from the comments on the php manual page for base64_encode:

function base64_url_encode($input) {  return strtr(base64_encode($input), '+/=', '._-'); }  function base64_url_decode($input) {  return base64_decode(strtr($input, '._-', '+/=')); } 
like image 50
Joe Flynn Avatar answered Sep 22 '22 02:09

Joe Flynn