Remember not to use strings for random byte sequences.

A different, more secure Shawn blogged "Don't Roundtrip Ciphertext Via a String Encoding".  I've mentioned this before (UTF8 Security and Whidbey Changes), but it's a good idea not to pretend that random data is a string and try to Encode or Decode it to pass it through a non-binary medium (like an HTTP request).

Pretty much any encoding has sequences of characters or bytes that are illegal or ambiguous, so any data passed this way is likely to be broken or corrupted.  Data should instead be encoded with some sort of higher-level protocol.  Shawn provides some example code using Base64 encoding to wrap the binary data in a text string that is appropriate for this kind of use.
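
The corruption described above, next to the Base64 alternative, as an added Python example (not Shawn's code and not from the original post). The sample bytes and the seeded generator are constructed stand-ins for ciphertext, and the function names are hypothetical.

```python
import base64
import random

# Constructed sample: six bytes standing in for a fragment of ciphertext.
# 0xC3 0x28 is a broken UTF-8 sequence; 0xFF and a lone 0x80 are illegal.
SAMPLE = bytes([0x00, 0x41, 0xC3, 0x28, 0xFF, 0x80])


def roundtrip_via_text(data: bytes, encoding: str) -> bytes:
    """Pretend the bytes are text: decode them, then encode them back.

    errors="replace" mirrors decoders that silently substitute U+FFFD
    (or '?') for illegal sequences instead of raising an error.
    """
    text = data.decode(encoding, errors="replace")
    return text.encode(encoding, errors="replace")


def roundtrip_via_base64(data: bytes) -> bytes:
    """Wrap the bytes in ASCII-only Base64 text, then unwrap them."""
    text = base64.b64encode(data).decode("ascii")
    return base64.b64decode(text, validate=True)


def survival_rate(encoding: str, trials: int = 200, size: int = 32,
                  seed: int = 1) -> float:
    """Fraction of pseudo-random blocks that survive a text round trip."""
    rng = random.Random(seed)  # deterministic stand-in data, not a CSPRNG
    survived = 0
    for _ in range(trials):
        block = bytes(rng.getrandbits(8) for _ in range(size))
        survived += roundtrip_via_text(block, encoding) == block
    return survived / trials


if __name__ == "__main__":
    print("original :", SAMPLE.hex())
    print("via utf-8:", roundtrip_via_text(SAMPLE, "utf-8").hex())
    print("via b64  :", roundtrip_via_base64(SAMPLE).hex())
    for enc in ("ascii", "utf-8", "utf-16-le"):
        print(f"{enc:10} survival rate: {survival_rate(enc):.2f}")
```

Each illegal byte becomes the three-byte UTF-8 form of U+FFFD, so the data changes length as well as content, and a decryptor downstream either fails or processes the wrong bytes.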