M
MattB
I'm tightening security on my application by encrypting query strings so
someone can't try and guess other valid query string values. This was
working well, but I noticed it wasn't working in some cases today. Looking a
little deeper, it seems that when encrypted one value had a + in it. When
this was picked up at the receiving page, I see the + turns into a space,
which then throws off the decryption.
Is a + an illegal character for a query string? If so, is the plus the only
character I can count on being converted to a space? It won't be hard to
look for any spaces and change them into + in the codebehind, but I only
want to do that if that's the only character that becomes a space.
Anyone got a good link to describe this in detail (what characters are
allowed and what happens to illegal ones)?
Thanks!
Matt
someone can't try and guess other valid query string values. This was
working well, but I noticed it wasn't working in some cases today. Looking a
little deeper, it seems that when encrypted one value had a + in it. When
this was picked up at the receiving page, I see the + turns into a space,
which then throws off the decryption.
Is a + an illegal character for a query string? If so, is the plus the only
character I can count on being converted to a space? It won't be hard to
look for any spaces and change them into + in the codebehind, but I only
want to do that if that's the only character that becomes a space.
Anyone got a good link to describe this in detail (what characters are
allowed and what happens to illegal ones)?
Thanks!
Matt