On Fri, 6 Jul 2001, Stef Telford wrote:
> Hello,
> I hope this is the right place to put this. I have some code that takes data
> from a database and encrypts it via Blowfish and CBC. Not a problem so far,
> the problems comes with sending it to the client.
...
> Now, if i look at the string (and ignoring all the strange characters that
> slip through escape_uri) i cant help but notice that escape_uri 'breaks' on
> the character after %99G which, lo and behold, is %00 which says to me that
> for some reason CGI::Cookie does the 'right thing' in the case of Blowfish
> encrypted text, but escape_uri in mod_perl doesnt.
looks like apache's uri escape code does not properly handle binary
data. one solution would be base64 encode your $ciphertext before using
it to create the cookie, then decode it after fetching the cookie. you
can use MIME::Base64 for this, which is fairly lightweight.
