Menu
Is it safe to pass raw base64 encoded strings via GET parameters?
268
Base64 is a group of binary-to-text encoding schemes that represent binary data in an ASCII string format by translating it into a radix-64 representation. By consisting only of ASCII characters, base64 strings are generally url-safe, and that's why they can be used to encode data in Data URLs.
Base 64 Encoding The Base 64 encoding is designed to represent arbitrary sequences of octets in a form that allows the use of both upper- and lowercase letters but that need not be human readable. A 65-character subset of US-ASCII is used, enabling 6 bits to be. represented per printable character.
From Wikipedia: The final '==' sequence indicates that the last group contained only one byte, and '=' indicates that it contained two bytes.
There are additional base64 specs. (See the table here for specifics ). But essentially you need 65 chars to encode: 26 lowercase + 26 uppercase + 10 digits = 62.
You need two more ['+', '/'] and a padding char '='. But none of them are url friendly, so just use different chars for them and you're set. The standard ones from the chart above are ['-', '_'], but you could use other chars as long as you decoded them the same, and didn't need to share with others.
I'd recommend just writing your own helpers. Like these from the comments on the php manual page for base64_encode:
function base64_url_encode($input) { return strtr(base64_encode($input), '+/=', '._-'); } function base64_url_decode($input) { return base64_decode(strtr($input, '._-', '+/=')); } If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
