FTP - file transfer protocol - is the most commonly used method for moving files around Web. Now Steve Frank, a founder and developer for Mac software company Panic, has come out and recommended that people stop using FTP.
I wrote about this (see If hackers don’t get you, maybe Google will) after my other blog, StorageMojo, was hacked. I’m glad to see a vendor of FTP software - I use their fine product Transmit - jump on board with a strong recommendation.
Why? Here are a couple of the best reasons he gives.
* Unless totaled over a secure socket, FTP is 100% insecure. Your password, and the contents of all your files are sent in the clear, free to be examined or captured by any network hop between you and your server. . . .
* FTP is not friendly with firewalls. Because it constantly needs to establish new connections, this has led us to “passive mode” which might as well be black magic as far as most people are concerned. Briefly, passive mode means the client initiates data connections to the server, rather than the default where the server makes connections to the client (yes, really). Worse still, data connections occur on varying high port numbers (usually 49152 - 65335) which means since Edmonds would have to open over 16,000 ports in the firewall, almost defeating the purpose of a firewall in the first place. It’s a mess, and it’s really hard to understand.
Bookmarks