in reply to Untainting cookies

Are you so concerned about the size that you can't use hex instead of base64? Hex works fine, and has very safe characters which can be interpolated everywhere.

Here's what Apache::Session used the last time I looked: 

require MD5;
my $session = MD5->hexhash(MD5->hexhash(time.{}.rand().$$));

[download]

-- Randal L. Schwartz, Perl hacker

Replies are listed 'Best First'.
Re: Re: Untainting cookies
by MeowChow (Vicar) on Apr 11, 2001 at 20:18 UTC
    How about just tr'ing the initial Base64 ID like so: 
    $id =~ tr|+/=|___|;
# or
$id =~ tr|+/=|000|;

    [download]
    You would lose just a few bits of randomness (acceptable in this application), but would be left with a shorter ID that's an easy match with a /\w/. 
       MeowChow                                   
               s aamecha.s a..a\u$&owag.print
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom