tags:

views:

44

answers:

1
Q: 

Encrypting HTTP POST data

Hi,

I have a HTTP POST string that I am running from a client cpp program against a server running Apache. Following is the POST string that would get fired from the clients:

"POST %s HTTP/1.0\r\n" 
"Host: %s\r\n"
"Content-type: multipart/form-data\r\n"
"Content-length: %d\r\n\r\n"
"Content-Disposition: %s; filename: %s\n"

It would be nice if someone could help me out to understand how could I encrypt the data that sits in the Content-Disposition: field. Also, I noticed that even if I put something irrelevant to the right of the POST string, like: "POST %s HTTPGarbage/1.0\r\n", the transfer still happens, it would be grand if I am informed about this behavior as well.

Thanks,
Sayan

+2  A: 

If you use HTTPS (which is essentially HTTP over SSL/TLS), all the HTTP traffic will be encrypted from the moment the SSL/TLS connection is established (provided you're using the appropriate cipher suites), that it, before any HTTP communication. Only the server certificate (which may reveal the host name) will be visible, and perhaps the client certificate in some circumstances (if you're also using client-certificate authentication). The URL and all the HTTP headers (and content) will be protected with SSL/TLS this way.

If you're not using a browser as a client you can make use of existing SSL/TLS libraries such as NSS (Mozilla) or OpenSSL. Make sure you configure the certificate trust and host name verification correctly.

Bruno  2010-10-13 12:31:44
I forgot to say you might be interested in something like [libcurl](http://curl.haxx.se/libcurl/c/https.html).
Bruno  2010-10-14 09:57:14
Actually I am not too keen on using libraries, mainly because they would increase the size (OpenSSL is around 3.5M) of the software...we just need to transfer one single fat file per client to a server (the data is also not supersensitive), no credential handshaking involved. I am thinking of writing a simple-custom encryption that would work most of the times.
Sayan  2010-10-14 19:03:25

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.