Safe Data serialization for Plain HTTP GET & POST communication

Question

I'm using the client's browser to submit HTTP request. For report generation the securityToken is submitted as POST, for report download the same token needs to be submitted by the user browser, this time using GET.

What encoding would you recommend for the securityToken which actually represents encrypted data.

I've tried BASE64 but this fails because the standard can include the "+" character which gets translated in HTTP GET to ' ' (blank space).

Then I tried URL Encoding, but this fails because for HTTP POST stuff such as %3d are transmitted without translation but when browser does HTTP GET with the data %3d is converted to '='.

What encoding would you recommend, to allow safe transmission over HTTP POST & GET without data being misinterpreted.

The environment is Java, Tomcat.

Thank you, Maxim.

score 2 · Accepted Answer · answered Feb 01 '10 at 11:02

2

Hex string.

Apache commons-codec has a Hex class that provides this functionality.

It will look like this: http://youraddress.com/context/servlet?param=ac7432be432b21

answered Feb 01 '10 at 11:02

Bozho

588,226
146
1,060
1,140

I was thinking of something more compact then Hex, something like: BigInteger bi = new BigInteger("STR_GOES_HERE".getBytes()); System.out.println(bi.toString(36)); which will output a-z0-9 chars range, the only problem is I can't find an proper method to convert it back into String, any idea? – Maxim Veksler Feb 01 '10 at 11:31
the Hex class has `encodeHex(..)` and `decodeHex(..)` methods – Bozho Feb 01 '10 at 11:36
I'm sorry, I believe that I should explain myself better via an example: Encoding "HelloWorld" into base16 is "48656c6c6f576f726c64", encoding this into base37 is "1jo7hzvcp48urzvo"; That is 20 chars for Hex, 16 chars for Base37 which is the reason why I'm seeking to use this encoding. My problem is I'm having trouble converting "1jo7hzvcp48urzvo" back into "HelloWorld". Help would be appreciated. – Maxim Veksler Feb 01 '10 at 12:01
`Integer.parseInt("1jo7h", 37);` ? – Bozho Feb 01 '10 at 12:07
This gives an exception java.lang.NumberFormatException: radix 37 greater than Character.MAX_RADIX. Trying with Integer.parseInt("1jo7h", 36); works but AFAIK this will work only for integers, I have String (see "HelloWorld" example above). It's a good direction with Character.MAX_RADIX... – Maxim Veksler Feb 01 '10 at 12:21
str.getBytes() will give you the byte-array representation of a string – Bozho Feb 07 '10 at 14:49
But what I need is bytearray to str, not str to byte array. I've actually tried to find a solution over the net for to do this in Java, and couldn't find something correct yet. A complete example would be great here. – Maxim Veksler Feb 27 '10 at 12:35

score 1 · Answer 2 · edited May 23 '17 at 12:06

1

Well, you can keep the Base64 and use this solution: Code for decoding/encoding a modified base64 URL

edited May 23 '17 at 12:06

Community

1
1

answered Feb 01 '10 at 11:13

Ryan Fernandes

8,238
7
36
53

I think Hex is actually better then Base64 - It is more compact on the wire. – Maxim Veksler Feb 27 '10 at 12:36

Safe Data serialization for Plain HTTP GET & POST communication

2 Answers2