1

I have this array of characters which I use for keys when transferring information between client and server via typical ajax requests or via websockets. I was reading this SO question and it made me worry that my keys may get changed when they are transferred over the wire so when the other side is trying to lookup the relevant key it can't because it is no longer the same key. Is this a possible flaw? should I remove all none ascii characters from my KEY_PIECES array?

const List<String> KEY_PIECES = const [
'1', '!', '2', '"', '3', '£', '4', r'$', '5', '%', '6', '^', '7', '&', '8', '*', '9', '(', '0', ')',
'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J',
'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T',
'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', r'\', '|', ',', '<', '.', '>', '/', '?',
';', "'", '@', '#', '~', '[', '{', ']', '}', '-', '_', '=', '+', '`', '¬'
];
Community
  • 1
  • 1
Daniel Robinson
  • 13,806
  • 18
  • 64
  • 112
  • It should be problematic with GET requests. Why not use standard Base64? – JAre Jul 23 '14 at 11:55
  • any link for converting a string to a base64 string? on api.dartlang.org it has a `Base64StringToBytes` method but that doesn't seem to be what I need. – Daniel Robinson Jul 23 '14 at 12:14
  • 1
    See http://stackoverflow.com/questions/15957427 – Günter Zöchbauer Jul 23 '14 at 12:18
  • I think there's only one non standard ascii character in my KEY_PIECES so I might just remove the ¬ symbol. – Daniel Robinson Jul 23 '14 at 12:43
  • @0xor1 I'm not sure but proxies might strip fragments of the url after #. It's better to stick with base64. – JAre Jul 23 '14 at 12:52
  • ah you are right, that is definately something to consider. however, I dont plan to use this for GET requests at the moment, the keys are used in JSON like strings in the request content, so I hope they will be ok if the are ascii characters, my main goal is to keep the strings as short as possible. – Daniel Robinson Jul 23 '14 at 12:58
  • @0xor1 How about sending data with WebRTC? http://bloggeek.me/send-file-webrtc-data-api/ – JAre Jul 24 '14 at 01:14

0 Answers0