Recently I acquired a software that required FTP access to my server, without which it cannot work.
I was shocked!
You see, in the last 7-8 years I have not use FTP on my servers. Even on the local office server I refuse to allow FTP to be installed. For file transfer I just use SFTP (Filezilla supports this).
Are you still using FTP, you might want to read the following and discover why it is time to take note
- Details of how FTP works and security.
- FTP Security Considerations
The traditional FTP protocol is highly insecure: it sends passwords in the clear. For this reason FTP has been recognized as one of the largest remaining security liabilities in most UNIX systems. As of 2006 FTP still remains one of the Internet’s most popular file upload mechanisms.
Another security risk lies not with FTP itself but with the widespread use of wireless internet connection.
With wireless, your FTP password travelling in clear over the air can be easily captured. You may be surprised that wireless attack is actually very easy. The kid next door may just be looking at your wireless traffic now.
So, if you are using FTP on your hosting server and at work, ask why. Security file transfer like SFTP, SCP, FTP over SSL are widely available. Perhaps it is time to ask if the hosting provider support them or move on to a more knowledgable hosting provider.
At this point I am still talking to the vendor to see how the FTP requirement can be relaxed or best removed.
Reference:
Popularity: 22%
Ever since I switched to Linux, I’ve been moving away from FTP. I use scp most of the times. The annoying thing is that you need SSH access for that to work. Luckily, the servers I host on allow scp these days.
To me if a host does not have SSH, I would not even consider it.
This was pretty tough few years ago but now it is more common.
SSH comes standard in Linux anyway.