I’m all for people posting questions, but this is getting a little out of hand. There’s an amazing tool on the internet called… Google! Hurrah!
Wikipedia also has two articles on the subject:
in short, FTP is "in the clear" so every character you type is sent across the internet completely readable. So should someone be inline of your traffic they could easily read your user name and password. sFTP is encrypted. And yes, googling and wiki’ng would have answered this.
The short answer is because not all clients support SFTP.
A lot of existing clients and, importantly, web publishing tools only support plain FTP. If web hosts were to abandon FTP in favour of the secure variety they would be inundated with support requests by users trying to publish from MS Frontpage, or whatever.
One could say that users of older tools without support for SFTP should upgrade. We said that about IE6. Years ago. Add to that the confusion over SFTP, FTP over SSH and FTPS and which one(s) to support and it just becomes easier to allow users to use plain FTP.
Connecting to a server through an SFTP protocol is essentially the same as connecting through a standard FTP protocol. The only real difference is that you instruct your FTP client to connect to your SSH port rather than your FTP port (in most cases, FTP defaults to port 21 while SSH defaults to port 22). If you have an FTP client that doesn’t allow you to insert custom port numbers,
What I meant to say was the reason why most web hosting servers still allow plain ftp is that not all software clients support the other more secure protocols. If server operators ditched ftp support then we would all stop using ftp, however until the majority of software clients support sftp (and that currently is not the case) then they won’t do that.
It’s the same kind of chicken and egg situation with IE6 – if designers stopped supporting it (by using hacks and work arounds for it) then people would soon ditch it. Most designers go to great lengths to ensure that their sites look, if not perfect, at least passible in IE6. This means its users have no incentive to upgrade. That is to say they have no incentive other than the already valid reasons of better security, more features and modern standards support but since they have ignored these for some time it seems a more compelling reason is required.
However, I suppose anonymous ftp will always have a place in the same way that we use non-secure http for most sites.
You must be logged in to reply to this topic.