Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
In my application I am creating a activation key of 64 characters.
It is having special characters like
+ =
While framing url we are doing url encode. But if user do a copy of the url from his email client , in some client url is getting url decoded.
Some suggestion is to remove these special character with charters which don’t require url encode.
Will it going to create any issue in security as character set will be limited ?
If you use just alphanumeric characters, and make it case-insensitive, you will have 36 possible characters. Since your key is 64 characters long, you end up with a keyspace that is quite big (Larger than a GUID).
Depending what you are trying to protect this against (I assume brute forcing legitimate keys), so long as your algorithm for generating them is sufficient, you should not be at any risk of generating keys that are easily guessed.