base64.urlsafe_b64encode and the equal character

Gabriel Genellina gagsl-py2 at yahoo.com.ar
Fri Mar 28 16:09:32 CET 2008


En Fri, 28 Mar 2008 10:54:49 -0300, Clodoaldo <clodoaldo.pinto at gmail.com>  
escribió:

> I'm using a md5 hash encoded with base64.urlsafe_b64encode as a
> parameter of a URL used to confirm a registration in a site. It has
> been working great.
>
> The url is like this:
>
> http://example.com/ce?i=878&h=kTfWSUaby5sBu9bIfoR87Q==
>
> Now i need to match that URL in a certain text and i realized that
> urlsafe_b64encode uses the "=" character so i can't just use \w{24} to
> match the parameter.
>
> What i need to know is where can an equal char appear in a
> urlsafe_b64encoded string?:
>
> a)only at end;
> b)both at the end and at the begginig;
> c)anywhere in the string;
>
> A sure answer will make my regexp safer.

Only at the end. The encoded string has 4*n chars when the input string  
has 3*n chars; when the input length is 3*n+1 or 3*n+2, the output has  
4*(n+1) chars right padded with 2 or 1 "=" chars.
If your input has 3n chars, the output won't have any "="

> In another point, does the "=" char make it urlunsafe? I guess not
> because i believe it would only be unsafe if the equal appeared like
> in "&var=" and since there are no "&" in the string than there is no
> problem right? Or wrong?

I guess not, but you should check the relevant RFCs. Or at least check  
that your server can always parse the request.

-- 
Gabriel Genellina




More information about the Python-list mailing list