开发者

Is base 64 encoding with a secret key of strings, a possible way of Protection?

问答 作者:

i am reading that in a paper

Any end-user could modify these values (since they are originated in his browser), but if the web developer encodes for example, converting all characters to UR开发者_如何学编程L-encoding (hexadecimal) or uses a particular encoding to send GET/POST parameters (e .g., base64 with some secret key string) the attack vector must be revisited.

so, this means that is good practice encoding the variables with base 64 and a secret key? how is implemented an url-encoding?

this makes sense? i never read about encoding variables as a way of protection

thanks

paper page 5

Base64 encoding schemes are commonly used when there is a need to encode binary data that needs be stored and transferred over media that are designed to deal with textual data (like HTTP). This is to ensure that the data remains intact without modification during transport.

So yes it can be a way of protecting the original data form unwanted modification. But remember it is not anywhere near Encryption.

The specification for URLs (RFC 1738, Dec. '94) poses a problem, in that it limits the use of allowed characters in URLs to only a limited subset of the US-ASCII character set:

"...Only alphanumerics [0-9a-zA-Z], the special characters "$-_.+!*'()," [not including the quotes - ed], and reserved characters used for their reserved purposes may be used unencoded within a URL."

Here's nice article on that http://www.blooberry.com/indexdot/html/topics/urlencoding.htm

In PHP you can use string urlencode ( string $str ) method for URL Encoding.

so, this means that is good practice encoding the variables with base 64 and a secret key? how is implemented an url-encoding?

this makes sense?

No, it doesn't really make sense. base64 is not an encryption scheme, it's just a way of encoding binary data into a subset of 7-bit text that isn't likely to be altered by email servers, etc.

base64 does not have a key, not can it encrypt or decrypt.

My guess is that the paper's authors were talking about some encryption scheme prior to the bit you quoted, and they only mentioned base64 later as a way to transmit their already encrypted data safely over HTTP GET or POST parameters.

Without seeing the rest of what you quoted from, we don't know.

base 64 encode does not provide any security whatsoever. it is almost as bad as a mono-alphabetic substitution cipher

here's how to encode/decode in base 64, also known as radix64 http://en.wikipedia.org/wiki/Base64

im not sure what it means to encode with a key in this context

继续阅读:phpsecurity

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9