Date: Tue, 12 Jun 2001 17:09:00 -0400 From: "Antoine Beaupre (LMC)" <Antoine.Beaupre@ericsson.ca> To: Jamie Norwood <mistwolf@mushhaven.net> Cc: "Antoine Beaupre (LMC)" <Antoine.Beaupre@lmc.ericsson.se>, freebsd-security@FreeBSD.ORG Subject: Re: OT: yet another discussion FTP vs HTTP (was: IPFW almost works now.) Message-ID: <3B2684EC.2010205@lmc.ericsson.se> References: <657B20E93E93D4118F9700D0B73CE3EA0166D97D@goofy.epylon.lan> <20010612152856.A72299@mushhaven.net> <3B267827.5090002@lmc.ericsson.se> <20010612162749.A73655@mushhaven.net> <3B2680EB.9040007@lmc.ericsson.se> <20010612165814.B74054@mushhaven.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jamie Norwood wrote: >>>No, it has a host of limitations all it's own, not the least of which is >>>that is is actually less efficient at transfering files, >>> >>I heard a few things regarding that, all contradictory. :) Could you >>give me a few examples/explanations/references as to why it is less >>efficient? I'd be curious. > > I have to admit I have nothing on hand, so will concede that battle for lack > of ammunition. I could easily be wrong. Yay! ;) >>>and that it has limited CLI tools. >>> >>I think that would be the biggest limitation. HTTP could technically >>override FTP's functionalities using the PUT and DELETE actions, but the >>only clients actually implementing this functionality are either dead >>(netscape 3) or forgotten (amaya). :) > > The question is why bother? If, as you say above, there is no difference > between the two other than interface, what makes HTTP better than FTP? > FTP has suited well for CLI work for many years. (Continued below) One less data connection. :) Actually, I think I agree with you on a few points, see below. >>>Remember, not every computer has a monitor, mouse, and >>>web browser! >>> >>Yeah... but every computer should at least have something like >>lynx/links/w3m/wget/fetch/whatever... >> >>You don't need a fully featured web browser to download/upload files to >>a webserver. Only to display them. Same for ftp. > > But they make it unessacarily convoluted to browse for wanted files. HTTP is > not, in this case, an adequet substitute for FTP. Yes, these methods .work., > but are more of a kludge than anything. Exactly. That is what I was looking for. Browsing of files over HTTP is "patchy". Some kind of workaround involving HTML. It sucks. :) >>>I would love to see something quality replace FTP. Maybe SFTP will, but it >>>is still young, and if SSH is any indication, the onlt commercial support >>>for it will be very expensive (IE, SecureCRT/SecureFX at about $100 each). >>> >>SFTP is not really an alternative. From what I understand, it is only >>built over ssh and therefore needs a corresponding shell account (if you >>exclude the RSA auth). > > SFTP is only needed over FTP in circumstances where security is needed, which > is any time a password is involved. I think you misunderstood. If you need to allow ftp access, *securly*, you must use sftp, and then, you must provide the user with a shell account, which is by definition a higher security risk, unless you disable the shell account and use only RSA auth. Which is completly user-unfriendly. > Anonymous FTP doesn't need SFTP. Agreed. Anonymous FTP still rocks. But then again... why have a root process running for anonymous ftp? :) >>It is surprising we (the internet community) haven't come up with a >>viable replacement. > > No, it isn't, because I don't really think there is a need for an elaborate > replacement. What is so broken about FTP? I must admit I do not have pretty strong ammo against ftp. It is a pain on firewall setups, though. [snip] > Jamie A. -- La sémantique est la gravité de l'abstraction. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B2684EC.2010205>