ftp vs sftp
# February 13, 2009 at 10:53 am
This reply has been reported for inappropriate content.
I’m all for people posting questions, but this is getting a little out of hand. There’s an amazing tool on the internet called… Google! Hurrah!
Wikipedia also has two articles on the subject:# February 15, 2009 at 8:28 pm
in short, FTP is "in the clear" so every character you type is sent across the internet completely readable. So should someone be inline of your traffic they could easily read your user name and password. sFTP is encrypted. And yes, googling and wiki’ng would have answered this.# March 5, 2009 at 4:20 pm"jitendra" wrote:If FTp is less secure than Sftp then why people use FTP
The short answer is because not all clients support SFTP.
A lot of existing clients and, importantly, web publishing tools only support plain FTP. If web hosts were to abandon FTP in favour of the secure variety they would be inundated with support requests by users trying to publish from MS Frontpage, or whatever.
One could say that users of older tools without support for SFTP should upgrade. We said that about IE6. Years ago. Add to that the confusion over SFTP, FTP over SSH and FTPS and which one(s) to support and it just becomes easier to allow users to use plain FTP.# March 6, 2009 at 3:41 pm
Connecting to a server through an SFTP protocol is essentially the same as connecting through a standard FTP protocol. The only real difference is that you instruct your FTP client to connect to your SSH port rather than your FTP port (in most cases, FTP defaults to port 21 while SSH defaults to port 22). If you have an FTP client that doesn’t allow you to insert custom port numbers,# March 6, 2009 at 7:55 pm
This reply has been reported for inappropriate content."davesgonebananas" wrote:The short answer is because not all clients support SFTP…
This is no reason to not use sFTP. If your client doesn’t support sFTP, then change your client. Only if the server you’re connecting to doesn’t allow sFTP, then and only then use FTP.# March 7, 2009 at 7:24 am
What I meant to say was the reason why most web hosting servers still allow plain ftp is that not all software clients support the other more secure protocols. If server operators ditched ftp support then we would all stop using ftp, however until the majority of software clients support sftp (and that currently is not the case) then they won’t do that.
It’s the same kind of chicken and egg situation with IE6 – if designers stopped supporting it (by using hacks and work arounds for it) then people would soon ditch it. Most designers go to great lengths to ensure that their sites look, if not perfect, at least passible in IE6. This means its users have no incentive to upgrade. That is to say they have no incentive other than the already valid reasons of better security, more features and modern standards support but since they have ignored these for some time it seems a more compelling reason is required.
However, I suppose anonymous ftp will always have a place in the same way that we use non-secure http for most sites.
You must be logged in to reply to this topic.