Passing String With Non Digits/Letters Through JSON

Question

I am passing an encrypted password through json and a querystring. Lets say for examples sake the password is something like: V0VuDF9ITK+A744HD=

When I pass the string through json I use JSON.stringify to stringify the string so it can be used on server.

var request = sb.serverRequest('changePassword', JSON.stringify({username: username, password: credentialsInput.value, original: password}));
request.done(function() {
    var response = JSON.parse(request.responseText);
    if(response.success) {
        console.log('password changed');
    } else {
        setInstructions('That didn\'t work. Please try again.');
    }
    credentialsInput.value = ''; //Clear input
});

However when I try to use the password on the server, it has replaced the + with a space so the new password will be V0VuDF9ITK A744HD= (notice the space in the middle)? How can I pre-parse the string in java so it includes the non letters and digits in the actual string thats passed? It seems to pass the string down to javascript just fine, but i'd prefer to pre-process in java if possible because there are also cases where I will pass the string via querystring.

I use the base64 encoder in java to encrypt so I am not sure if there are any other possibilities that may have to be taken into considering when escaping characters in the string in javascript. It seems = gets passed fine. Are there any other characters this encoding type uses that might become a problem?

PS I do not actually do any encrypting in javascript, that is all handled on the server, but in this particular instance I need the encrypted password in javascript because I need to compare it server side...I won't get into all the boring details. I will however be passing this encrypted password through a querystring as well which I assume will be faulted by a + or an = . How would I pass a string like that in a querystring as well?

UPDATE: The encoding algorthm I use to encrypt passwords is as follows. I may have been mistaken on it being only base64. Is this a safe way to secure passwords?

public static synchronized String encrypt(String plainText) throws RuntimeException {
    MessageDigest md = null;

    try{
        md = MessageDigest.getInstance("SHA");
    }catch(NoSuchAlgorithmException e){
        throw new RuntimeException(e.getMessage());
    }

    try{
        md.update(plainText.getBytes("UTF-8"));
    }catch(UnsupportedEncodingException e){
        throw new RuntimeException(e.getMessage());
    }

    byte raw[] = md.digest();
    String hash = (new BASE64Encoder().encode(raw));
    return hash;
}

Answer 1

为了使字符串安全通过URL，请使用encodeURIComponent(your_string_here)