Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
FTP
Edit
PageHistory
Diff
Info
LikePages
An [Acronym] for __F__ile __T__ransfer [Protocol]. Not as relevant these days as the web has replaced most of the functionality, but this is how computer users who were on a network used to share files. Requiring a username and password to gain access to an [FTP] server, it became a convention that public areas of a server allowed the username <tt>anonymous</tt> along with any password. [FTP] has three weaknesses so major that it possibly deserves to be called the __F__'ing __T__errible __P__rotocol. # It makes no provisions for encryption of any sort. All user credentials pass the wire in the clear. Since [FTP] servers often authenticate users using their system accounts on the [FTP] host, this is close to criminal neglect. # Besides the initial connection, the so-called control connection, which is used to navigate, request directory listings, etc, [FTP] requires opening a separate data connection for every file transfer. Note that you can only have one data connection open at a time. Ironically, since directory listings are sent over the data connection, the control connection is nearly useless while a file transfer is underway. To make matters patently absurd, traditionally, the data connection originates ''from the server'' and goes ''to'' the client. Modern servers and clients support so-called passive mode, where all connections originate from the client. Needless to say, all this means it is non-trivial to permit [FTP] through a FireWall. # Lastly, the format for directory listings is unspecified. In practice, <tt>ls -l</tt> format has become the unfortunate defacto standard. This format is rather machine hostile. It is underspecified and hard to parse reliably. Despite its basically using fixed-width fields, various ls(1) implemntations let some overlong values break the columnization in a line. Infuriatingly, this directory listing format also requires a lot of code to generate on the server: a lose-lose situation. In times past, the hassle of generation would be avoided by spawning an external ls(1) process (which is how the format came to be the standard), but this is nowadays avoided for security and performance reasons. There are even more issues with the protocol, though they're not nearly so major. It's half a wonder that [FTP] works at all. ---- Part of CategoryProtocols
15 pages link to
FTP
:
Squid
MozillaThunderbirdNotes
Daemon
Vim
NetworkAdministrator
PT3808
DebianNotes
ArpaNet
CshProgrammingConsideredHarmful
WebProxy
URL
InterNet
Port
TFTPInstallHowto
ISP
