I'm tightening security on my application by encrypting query strings so
someone can't try and guess other valid query string values. This was
working well, but I noticed it wasn't working in some cases today. Looking a
little deeper, it seems that when encrypted one value had a + in it. When
this was picked up at the receiving page, I see the + turns into a space,
which then throws off the decryption.
Is a + an illegal character for a query string? If so, is the plus the only
character I can count on being converted to a space? It won't be hard to
look for any spaces and change them into + in the codebehind, but I only
want to do that if that's the only character that becomes a space.
Anyone got a good link to describe this in detail (what characters are
allowed and what happens to illegal ones)?
Thanks!
Matt