undefined | Better HN

0 pointshandrous4y ago0 comments

ftps exists. The solution to http wasn't getting rid of it, it was pushing for more https.

I'm not saying there weren't good reasons to get rid of ftp support, but that doesn't seem like one.

0 comments

desktopninja4y ago

Surprising how many people don't know about ftps. FTP with SSL.

floatboth4y ago

It's very obscure. Most things (mostly shared hosting lol) went straight to SSH's SFTP instead.

alerighi4y ago

SFTP is mainly a *NIX thing. And it's a terrible hack built on top of a protocol meant to be something really different.

Also, while in theory SFTP can be as secure as FTPS, in practice it's not. How many people really check that the server public key signature it's the correct one? You know that annoying message that appears the first time you connect to a server and you have to say yes and if you don't it will not let you continue?

Not checking that give you the same security as having a HTTPS/FTPS server with a self signed certificate. You trust blindly the identity of the server, but there could be someone doing a man in the middle and stealing all your data. In that situation, FTPS is more secure, mainly because you need a valid TLS certificate that will give you some guarantee about the identity of the server.

1 more reply

da_chicken4y ago

It's because there's multiple versions which are fundamentally incompatible.

j / k navigate · click thread line to collapse