
An acronym for File Transfer Protocol.

Not as relevant these days, as the web has replaced most of its functionality, but this is how computer users who were on a network used to share files. Access to an FTP server requires a username and password; it became a convention that public areas of a server allowed the username anonymous along with any password.

FTP has three weaknesses so major that it possibly deserves to be called the F'ing Terrible Protocol.

  1. It makes no provisions for encryption of any sort. All user credentials pass the wire in the clear. Since FTP servers often authenticate users using their system accounts on the FTP host, this is close to criminal neglect.
  2. Besides the initial connection, the so-called control connection, which is used to navigate, request directory listings, etc., FTP requires opening a separate data connection for every file transfer. Note that you can only have one data connection open at a time. Ironically, since directory listings are sent over the data connection, the control connection is nearly useless while a file transfer is underway. To make matters patently absurd, traditionally, the data connection originates from the server and goes to the client. Modern servers and clients support so-called passive mode, where all connections originate from the client. Needless to say, all this means it is non-trivial to permit FTP through a FireWall.
  3. Lastly, the format for directory listings is unspecified. In practice, ls -l format has become the unfortunate de facto standard. This format is rather machine hostile. It is underspecified and hard to parse reliably. Despite its basically using fixed-width fields, various ls(1) implementations let some overlong values break the columnization in a line. Infuriatingly, this directory listing format also requires a lot of code to generate on the server: a lose-lose situation. In times past, the hassle of generation would be avoided by spawning an external ls(1) process (which is how the format came to be the standard), but this is nowadays avoided for security and performance reasons.
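
The firewall problem from item 2, as an added example that is not part of the original page: the address and port of each data connection are only announced inside the control connection (the PORT command in active mode, the 227 reply to PASV in passive mode), so a filter has to parse that text to know which second connection to expect and in which direction. The function names and the sample transcript are constructed for illustration.

```python
import re

# "h1,h2,h3,h4,p1,p2": the address form used by PORT and by the 227 reply to PASV.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_connections(control_lines):
    """List the data connections a control-channel transcript announces.
    Each entry of control_lines is (sender, text); sender is 'C' or 'S'."""
    flows, pasv_pending = [], False
    for sender, text in control_lines:
        verb = text.split(" ", 1)[0].upper()
        if sender == "C":
            pasv_pending = verb == "PASV"
            if verb == "PORT" and (ep := parse_hostport(text)):
                # Active mode: the server connects back to the client.
                flows.append(("active", "server->client", ep))
        elif verb == "227" and pasv_pending and (ep := parse_hostport(text)):
            # Passive mode: the client opens a second connection to the server.
            flows.append(("passive", "client->server", ep))
            pasv_pending = False
    return flows


# Constructed transcript: documentation addresses, made-up ports and replies.
SAMPLE = [
    ("C", "USER anonymous"),
    ("S", "331 Guest login ok, send any password"),
    ("C", "PASS guest@example.org"),
    ("S", "230 Logged in"),
    ("C", "PORT 192,0,2,10,195,80"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,78,52)."),
]

if __name__ == "__main__":
    for mode, direction, (ip, port) in expected_data_connections(SAMPLE):
        print(f"{mode:8} {direction}  {ip}:{port}")
```

The same transcript also shows item 1: the USER and PASS lines are readable by anything that can see the control connection.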

There are even more issues with the protocol, though they're not nearly so major.

It's half a wonder that FTP works at all.


Part of CategoryProtocols