Reputation: 2724
Encrypting HTTP POST data
I have a HTTP POST string that I am running from a client cpp program against a server running Apache. Following is the POST string that would get fired from the clients:
"POST %s HTTP/1.0\r\n"
"Host: %s\r\n"
"Content-type: multipart/form-data\r\n"
"Content-length: %d\r\n\r\n"
"Content-Disposition: %s; filename: %s\n"
It would be nice if someone could help me out to understand how could I encrypt the data that sits in the Content-Disposition: field.
Also, I noticed that even if I put something irrelevant to the right of the POST string, like: "POST %s HTTPGarbage/1.0\r\n", the transfer still happens, it would be grand if I am informed about this behavior as well.
Upvotes: 4
Views: 20378
Answers (1)
Reputation: 122749
If you use HTTPS (which is essentially HTTP over SSL/TLS), all the HTTP traffic will be encrypted from the moment the SSL/TLS connection is established (provided you're using the appropriate cipher suites), that it, before any HTTP communication. Only the server certificate (which may reveal the host name) will be visible, and perhaps the client certificate in some circumstances (if you're also using client-certificate authentication). The URL and all the HTTP headers (and content) will be protected with SSL/TLS this way.
If you're not using a browser as a client you can make use of existing SSL/TLS libraries such as NSS (Mozilla) or OpenSSL. Make sure you configure the certificate trust and host name verification correctly.
Upvotes: 6
Related Questions
- How to assure that data gets encrypted when using POST in httpClient
- How to encrypt data on the post with php
- Secure ways in sending confidential data to the server using HTTP Post
- Does the request get encrypted when posting to HTTPS from HTTP
- How to encrypt POST Header on HTTP
- HTTPS POST data is not encrypted
- how to Post encrypted data from http page to https page?
- Encrypt Post Data Before Sending
- Http to Https POST
- POST data encryption - Is HTTPS enough?