I am reading this in a paper:
Any end-user could modify these values (since they are originated in his browser), but if the web developer encodes for example, converting all characters to URL-encoding (hexadecimal) or uses a particular encoding to send GET/POST parameters (e.g., base64 with some secret key string) the attack vector must be revisited.
So, does this mean that it is good practice to encode the variables with base64 and a secret key?
How is URL-encoding implemented?
Does this make sense? I have never read about encoding variables as a way of protection.
Thanks
paper page 5
So yes, it can be a way of protecting the original data from unwanted modification. But remember, it is not anywhere near encryption.
The specification for URLs (RFC 1738, Dec. ’94) poses a problem, in that it limits the use of allowed characters in URLs to only a limited subset of the US-ASCII character set:
Here’s a nice article on that: http://www.blooberry.com/indexdot/html/topics/urlencoding.htm
In PHP you can use the
string urlencode ( string $str ) method for URL encoding.
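Added example, not part of the original posts: a PHP comparison of plain URL/base64 encoding, which needs no secret to reverse, with the same encoding plus an HMAC tag that lets the server detect a modified parameter. It assumes one reading of the paper's "base64 with some secret key string"; `SECRET_KEY`, `encode_param`, `sign_param`, `verify_param` and the sample value are constructed for illustration.

```php
<?php
// Added example with constructed values; helper names are hypothetical.
const SECRET_KEY = 'constructed-demo-key'; // assumption: known only to the server

// Plain encoding: reversible by anyone, no secret involved.
function encode_param(string $value): string
{
    return urlencode(base64_encode($value));
}

// Encoding plus an HMAC-SHA256 tag computed with the server-side key.
function sign_param(string $value): string
{
    $payload = base64_encode($value);
    return urlencode($payload . '.' . hash_hmac('sha256', $payload, SECRET_KEY));
}

// Returns the original value, or null if the parameter was modified.
// $received is the raw query-string value; values read from $_GET are
// already URL-decoded, so urldecode() must be skipped for those.
function verify_param(string $received): ?string
{
    $parts = explode('.', urldecode($received), 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, SECRET_KEY), $tag)) {
        return null;
    }
    $value = base64_decode($payload, true);
    return $value === false ? null : $value;
}

$original = 'price=100'; // constructed sample parameter

// Without a key, the browser side can decode, edit and re-encode freely.
$decoded = base64_decode(urldecode(encode_param($original)));
$edited  = encode_param(str_replace('100', '1', $decoded));
echo "plain, edited:  ", base64_decode(urldecode($edited)), "\n";

// With the tag, an untouched value verifies and an edited payload does not.
$signed = sign_param($original);
$oldTag = explode('.', urldecode($signed), 2)[1];
$forged = urlencode(base64_encode('price=1') . '.' . $oldTag);
echo "signed, intact: ", var_export(verify_param($signed), true), "\n";
echo "signed, edited: ", var_export(verify_param($forged), true), "\n";
```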