[ale] Still using plain FTP? Why?

Michael H. Warfield mhw at WittsEnd.com
Mon Jan 19 11:32:00 EST 2015


On Mon, 2015-01-19 at 09:22 -0500, JD wrote:
> For folks using plain FTP still, I'd like to know why?

> We all know it isn't secure and should have been removed from offers in the
> 1990s (along with telnet).

> So, if you are still using plain FTP, why?

Some times (many times) it's the only choice you've got.  That's from
both a client status and a server status.

If you don't need something to be secure, anonymous ftp is perfectly
fine.  I've had people upload encrypted files to me through anon-ftp
many times.  The security is in the file and it was the easiest (only)
way they could figure out.  My http upload would bomb out on them from
Windows for some reasons we could never figure out and forget about
rsync from some windows weenies.  Ftp just works and their are plenty of
good clients.  In that regard, ironically, anonymous ftp is vastly more
secure and superior to authenticated ftp!  No authentication credentials
are exposed and all the security is in the higher level (file)
encapsulations as required.

On the client side, I'm dealing with a hosting service right now that
only offers ftp to download the generated backup files or upload
updates.  We're ditching that service in just days now but I'm still
stuck with that.  No, it's not encrypted or secure at all (and it's not
anonymous) but I have no choice.  That's just one of many reasons why
we're ditching them and switching to DreamHost - though even DreamHost
has their limitations and, err, moments...

All depends on what your needs, requirements, and limitations are.  Ftp
is still very viable in appropriate circumstances.  Just watch it like a
trapped rat and don't let people abuse it for inappropriate things.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: This is a digitally signed message part
URL: <http://mail.ale.org/pipermail/ale/attachments/20150119/007991ca/attachment.sig>


More information about the Ale mailing list