Re: Not OFFLIST Re: TECH: info on ftp

Mark J. Reed wrote:

> Ssh is not cumbersome - there's an "sftp" that works like regular ftp
> but uses ssh, so the interface looks the same. It is more flexible -
> but that's a security tradeoff for the provider.  If you have ssh
> access you can actually execute commands on the server, in addition to
> reading and writing files, which is more dangerous for them.  But it
> opens up opportunities to use things like rsync, which is a smart file
> transfer system that only sends the parts of a file that have changed.
Most providers (and I work for one, so I've first-hand experience of this)
don't like providing SFTP because it requires actual real users on the
machine and requires an awful lot of infrastructure to get it to work
securely such as chroot jails and the like. Realistically, SSH and SFTP
aren't options if you've a shared hosting account, which is what the vast
majority of people would have, and anybody with the savvy to set up a
dedicated or colocated machine would also know enough to set up SSH themselves
anyway.

However, most providers will happily provide FTP over SSL/TLS aka FTPS.
FTPS is just as secure as SFTP, and because it's really just FTP (just as
HTTPS is really just HTTP over SSL/TLS), it's all that's required on the
part of the hosting provider is a valid SSL certificate assigned to the
server.

So if anybody's looking for secure file transfer between their computers
and their website, the thing to look for is if your hosting provider provides
FTPS.

K.

Reply