问题描述
我有一个HTTP POST字符串,我从客户端cpp程序运行Apache运行的服务器。以下是将从客户端触发的POST字符串:
I have a HTTP POST string that I am running from a client cpp program against a server running Apache. Following is the POST string that would get fired from the clients:
"POST %s HTTP/1.0\r\n"
"Host: %s\r\n"
"Content-type: multipart/form-data\r\n"
"Content-length: %d\r\n\r\n"
"Content-Disposition: %s; filename: %s\n"
如果有人可以帮助我理解如何加密 Content-Disposition中的数据,那将是很好的:
领域。
另外,我注意到即使我放了一些与POST字符串右边无关的东西,例如:POST%s HTTPGarbage / 1.0\\ n
,转移仍然发生,如果我也被告知这种行为,那将是很好的。
It would be nice if someone could help me out to understand how could I encrypt the data that sits in the Content-Disposition:
field.Also, I noticed that even if I put something irrelevant to the right of the POST string, like: "POST %s HTTPGarbage/1.0\r\n"
, the transfer still happens, it would be grand if I am informed about this behavior as well.
谢谢,
Sayan
Thanks,
Sayan
推荐答案
如果您使用HTTPS(本质上是HTTP over SSL / TLS),所有HTTP流量将从SSL /加密在任何HTTP通信之前,建立TLS连接(假设您正在使用适当的密码套件)。在某些情况下(如果您还使用客户端证书身份验证),只有服务器证书(可能显示主机名)可见,并且可能是客户端证书。 URL和所有HTTP标头(和内容)将以这种方式使用SSL / TLS进行保护。
If you use HTTPS (which is essentially HTTP over SSL/TLS), all the HTTP traffic will be encrypted from the moment the SSL/TLS connection is established (provided you're using the appropriate cipher suites), that it, before any HTTP communication. Only the server certificate (which may reveal the host name) will be visible, and perhaps the client certificate in some circumstances (if you're also using client-certificate authentication). The URL and all the HTTP headers (and content) will be protected with SSL/TLS this way.
如果您不使用浏览器作为客户端,则可以制作使用现有的SSL / TLS库,如NSS(Mozilla)或OpenSSL。确保正确配置证书信任和主机名验证。
If you're not using a browser as a client you can make use of existing SSL/TLS libraries such as NSS (Mozilla) or OpenSSL. Make sure you configure the certificate trust and host name verification correctly.
这篇关于加密HTTP POST数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!