Safe Data serialization for Plain HTTP GET & POST communication

views:

answers:

+2 Q:

Safe Data serialization for Plain HTTP GET & POST communication

Hello Friends,

I'm using the client's browser to submit HTTP request. For report generation the securityToken is submitted as POST, for report download the same token needs to be submitted by the user browser, this time using GET.

What encoding would you recommend for the securityToken which actually represents encrypted data.

I've tried BASE64 but this fails because the standard can include the "+" character which gets translated in HTTP GET to ' ' (blank space).

Then I tried URL Encoding, but this fails because for HTTP POST stuff such as %3d are transmitted without translation but when browser does HTTP GET with the data %3d is converted to '='.

What encoding would you recommend, to allow safe transmission over HTTP POST & GET without data being misinterpreted.

The environment is Java, Tomcat.

Thank you, Maxim.

+2 A:

Hex string.

Apache commons-codec has a Hex class that provides this functionality.

It will look like this: http://youraddress.com/context/servlet?param=ac7432be432b21

Bozho 2010-02-01 11:02:29

I was thinking of something more compact then Hex, something like: BigInteger bi = new BigInteger("STR_GOES_HERE".getBytes());System.out.println(bi.toString(36)); which will output a-z0-9 chars range, the only problem is I can't find an proper method to convert it back into String, any idea?

Maxim Veksler 2010-02-01 11:31:42

the Hex class has `encodeHex(..)` and `decodeHex(..)` methods

Bozho 2010-02-01 11:36:06

I'm sorry, I believe that I should explain myself better via an example: Encoding "HelloWorld" into base16 is "48656c6c6f576f726c64", encoding this into base37 is "1jo7hzvcp48urzvo"; That is 20 chars for Hex, 16 chars for Base37 which is the reason why I'm seeking to use this encoding. My problem is I'm having trouble converting "1jo7hzvcp48urzvo" back into "HelloWorld".Help would be appreciated.

Maxim Veksler 2010-02-01 12:01:37

`Integer.parseInt("1jo7h", 37);` ?

Bozho 2010-02-01 12:07:59

This gives an exception java.lang.NumberFormatException: radix 37 greater than Character.MAX_RADIX. Trying with Integer.parseInt("1jo7h", 36); works but AFAIK this will work only for integers, I have String (see "HelloWorld" example above). It's a good direction with Character.MAX_RADIX...

Maxim Veksler 2010-02-01 12:21:03

it should work with any byte-array represented string

Bozho 2010-02-01 12:25:15

Can you please supply a code example?

Maxim Veksler 2010-02-07 12:52:38

str.getBytes() will give you the byte-array representation of a string

Bozho 2010-02-07 14:49:07

But what I need is bytearray to str, not str to byte array. I've actually tried to find a solution over the net for to do this in Java, and couldn't find something correct yet. A complete example would be great here.

Maxim Veksler 2010-02-27 12:35:48

+1 A:

Well, you can keep the Base64 and use this solution: http://stackoverflow.com/questions/1228701/code-for-decoding-encoding-a-modified-base64-url

Ryan Fernandes 2010-02-01 11:13:19

I think Hex is actually better then Base64 - It is more compact on the wire.

Maxim Veksler 2010-02-27 12:36:41

ansaurus

tags:

views:

answers:

Safe Data serialization for Plain HTTP GET & POST communication

related questions