

Ftp Must Die - nickb
http://wooledge.org/mywiki/FtpMustDie

======
mojuba
FTP can return sane directory listings that can be analyzed by a program -
something that's still missing in HTTP.

~~~
ratsbane
http can do that too although I agree that mod_autoindex doesn't.

------
epi0Bauqu
I haven't used FTP in years. SCP all the way!

~~~
mojuba
And that's overkill, as most of the time we don't need data to be encrypted.
In fact secure authentication and insecure data transfer would be enough, but
SSH lacks this possibility.

~~~
epi0Bauqu
I never want any of my business data going across the Internet unencrypted.

~~~
epi0Bauqu
Why was I downmodded for this? The only time I really use SCP is to transfer
backups, and I want those encrypted. I don't see why that is an unreasonable
thing.

~~~
mojuba
Well, in theory anything that you copy over the network can be intercepted and
modified to do harm to you or your business. However, the cost of a man-in-
the-middle attack is usually higher than the content you are transferring _in
most cases_.

For example, if I'm downloading sources of an open-source program from a
public web site, what's the point of attacking me and changing the contents?

(And I have no idea why you were downmodded.)

~~~
epi0Bauqu
I'm not generally concerned about a man-in-the-middle attack. What I am
concerned about is someone just capturing my data and then having it or using
it. For example, in my backups will usually be a copy of various databases.

~~~
mojuba
Ok, I understand that, but back to my question: why do you need encryption for
something that's openly available anyway, for example an open-source program?
And it's not everyday that we copy private business data over the Net, so my
point is, it would be nice to have an option for faster unencrypted transfers.

~~~
mdakin
Look into rsync [1] if you want transfers to be _fast_. You have the option
(but not the requirement) to encrypt by using rsync in concert with ssh.

Incidentally I do transfer private business data over the network, encrypted,
every single day, usually many times per day.

[1] <http://samba.anu.edu.au/rsync/>

~~~
ratsbane
I strongly agree with the article and with mdakin's point; scp is good but
rsync is better. ftp is awkward, flawed, and obsolete. I am amazed that it is
still used as much as it is. Perhaps the problem is largely due to Windows
admins. ssh still doesn't ship with Windows and too many Windows admins aren't
familiar with it.

------
wmf
What really perplexes me are the sites that still use FTP for serving large
files, as if FTP is better than HTTP for that purpose.

~~~
locust
It could be about their particular software (eg apache vs proftpd) rather than
the underlying protocol.

