FTP: untrustworthy file transfer

FTP - file transfer protocol - is the most commonly used method for moving files around the Web. Now Steve Frank, a founder and developer for Mac software company Panic, has come out and recommended that people stop using FTP.
Written by Robin Harris, Contributor

I wrote about this (see If hackers don’t get you, maybe Google will) after my other blog, StorageMojo, was hacked. I'm glad to see a vendor of FTP software - I use their fine product Transmit - jump on board with a strong recommendation.

Why? Here are a couple of the best reasons he gives.

  • Unless tunneled over a secure socket, FTP is 100% insecure. Your password, and the contents of all your files are sent in the clear, free to be examined or captured by any network hop between you and your server. . . .
  • FTP is not friendly with firewalls. Because it constantly needs to establish new connections, this has led us to "passive mode" which might as well be black magic as far as most people are concerned. Briefly, passive mode means the client initiates data connections to the server, rather than the default where the server makes connections to the client (yes, really). Worse still, data connections occur on varying high port numbers (usually 49152 - 65335) which means sysadmins would have to open over 16,000 ports in the firewall, almost defeating the purpose of a firewall in the first place. It's a mess, and it's really hard to understand.
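
To make both points concrete, here is an added example (not from the original post or from Panic) that reads a plain-FTP control channel the way any hop on the path could. The session text, host address, user name and password are constructed; the code recovers the login from the USER and PASS lines and decodes each passive-mode 227 reply into the high port the firewall must let through.

```python
import re

# Constructed sample: one plain-FTP control session as an on-path observer
# would see it. C: is the client, S: the server. All values are made up.
CAPTURE = """\
S: 220 ftp.example.test ready
C: USER webmaster
S: 331 Password required
C: PASS hunter2-constructed
S: 230 Login successful
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,203,117)
C: RETR index.html
S: 226 Transfer complete
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,240,12)
C: STOR upload.zip
"""

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def decode_pasv(reply):
    """Return (ip, port) from a 227 reply, or None. port = p1*256 + p2 (RFC 959)."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed reply: every field is a single octet
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def analyze(capture):
    """Collect what the cleartext control channel exposes to an observer."""
    seen = {"user": None, "password": None, "data_endpoints": [], "files": []}
    for line in capture.splitlines():
        side, _, text = line.partition(": ")
        verb, _, arg = text.partition(" ")
        if side == "C" and verb.upper() == "USER":
            seen["user"] = arg
        elif side == "C" and verb.upper() == "PASS":
            seen["password"] = arg
        elif side == "C" and verb.upper() in ("RETR", "STOR"):
            seen["files"].append((verb.upper(), arg))
        elif side == "S" and (ep := decode_pasv(text)):
            seen["data_endpoints"].append(ep)
    return seen

if __name__ == "__main__":
    print(analyze(CAPTURE))
```

Each transfer gets a different server-chosen data port, which is why a firewall in front of the server cannot allow just one port for passive mode.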

If not FTP, what? As noted in my blog post two months ago, SFTP - secure FTP - is an excellent alternative.

To quote Steve Frank again:

It's secure, it's consistently implemented, and it's machine-readable. That all adds up to a more reliable, future-proof transfer client for you.

I've talked to a lot of people who didn't even realize their host supported SFTP. If your hosting service supports SFTP, you usually don't have to change anything except for switching your client protocol from FTP to SFTP. If it doesn't work, you should ask your host if there is anything else you have to do (such as use a different port number)....

FTP has served us well but it's time to move on. You wouldn't use a 23-year-old computer to do your work, so don't use a protocol from the same vintage. Demand modern transfer protocols from your host.

Amen, brother.

The Storage Bits take

Just one thing.

Steve, if this is such a great idea - and it is - why isn't SFTP the default FTP option in your company's product?

You are the expert. You have the knowledge. Your users typically have no more idea how FTP works than they do about ray tracing.

As computers become more pervasive the technical expertise of the average user continues to drop. Smart vendors will make an effort to meet their customers more than half way.

Comments welcome, of course.
