I ran across a nice blog posting by Steven Frank’s while trolling through Reddit earlier today, and I thought he was right on: “Don’t Use FTP” is pretty good advice for just about anyone.
It’s not that FTP wasn’t a good idea when it was designed; it was nice, it worked, and it served us all well for many years. But it just hasn’t aged well. As Frank points out (see “Note 2” down towards the bottom), although there are many other protocols still in use that were created around the same time, most of them have been extensively updated since then. FTP hasn’t; the defining document for the protocol — insofar as one actually exists — is still RFC 959, written in 1985.
It’s a bit unfortunate that it’s been allowed to languish, because it does serve a need (which is why it’s still around, despite its insecurity and firewall-traversal issues and everything else): it’s a lingua franca for bulk file transfers between systems. It’s certainly better, in theory if not in practice, than abusing port 80 and HTTP for the same purpose. However, given that alternatives (SFTP in particular) exist, there’s really no excuse for using it in new installations or for interacting with a modern hosting environment. Any commercial provider that only offers FTP as a bulk-transfer option should be called publicly onto the carpet; that’s simply not acceptable practice in 2008.
0 Comments, 0 Trackbacks