加密 HTTP POST 数据
我有一个 HTTP POST 字符串,正在从客户端 cpp 程序针对运行 Apache 的服务器运行。以下是将从客户端触发的 POST 字符串:
"POST %s HTTP/1.0\r\n"
"Host: %s\r\n"
"Content-type: multipart/form-data\r\n"
"Content-length: %d\r\n\r\n"
"Content-Disposition: %s; filename: %s\n"
如果有人可以帮助我了解如何加密 Content-Disposition: 字段中的数据,那就太好了。 另外,我注意到,即使我在 POST 字符串的右侧放置一些不相关的内容,例如: "POST %s HTTPGarbage/1.0\r\n",传输仍然会发生,这将是伟大的如果我也知道这种行为。
I have a HTTP POST string that I am running from a client cpp program against a server running Apache. Following is the POST string that would get fired from the clients:
"POST %s HTTP/1.0\r\n"
"Host: %s\r\n"
"Content-type: multipart/form-data\r\n"
"Content-length: %d\r\n\r\n"
"Content-Disposition: %s; filename: %s\n"
It would be nice if someone could help me out to understand how could I encrypt the data that sits in the Content-Disposition: field.
Also, I noticed that even if I put something irrelevant to the right of the POST string, like: "POST %s HTTPGarbage/1.0\r\n", the transfer still happens, it would be grand if I am informed about this behavior as well.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您使用 HTTPS(本质上是基于 SSL/TLS 的 HTTP),则从建立 SSL/TLS 连接的那一刻起,所有 HTTP 流量都将被加密(前提是您使用适当的密码套件),即在任何 HTTP 之前沟通。只有服务器证书(可能会泄露主机名)可见,在某些情况下可能还有客户端证书(如果您还使用客户端证书身份验证)。 URL 和所有 HTTP 标头(和内容)都将通过这种方式受到 SSL/TLS 的保护。
如果您不使用浏览器作为客户端,则可以使用现有的 SSL/TLS 库,例如 NSS (Mozilla) 或 OpenSSL。确保正确配置证书信任和主机名验证。
If you use HTTPS (which is essentially HTTP over SSL/TLS), all the HTTP traffic will be encrypted from the moment the SSL/TLS connection is established (provided you're using the appropriate cipher suites), that it, before any HTTP communication. Only the server certificate (which may reveal the host name) will be visible, and perhaps the client certificate in some circumstances (if you're also using client-certificate authentication). The URL and all the HTTP headers (and content) will be protected with SSL/TLS this way.
If you're not using a browser as a client you can make use of existing SSL/TLS libraries such as NSS (Mozilla) or OpenSSL. Make sure you configure the certificate trust and host name verification correctly.