Comparison between FTP and HTTP for file transfer

Asked

Viewed 1,674 times

3

An issue that puzzles me is about transferring binary files over the internet.

I have experience in using FTP, which eventually went through firewall issues on clients. Another issue advocated by the sysadmins was the lack of security of this protocol.

Faced with this is the HTTP alternative, which solves the difficulty with firewall. But in terms of safety, performance, limitations, what are the perks and disadvantages between FTP and HTTP?

It makes sense to opt for FTP instead of HTTP?

  • 2

    If the problem is a lack of security in relation to FTP, you may choose sftp: https://www.digitalocean.com/community/tutorials/howto use-o-sftp-para-transferir-arquivos-com-security-com-um-servor-remoto-pt

  • 4

    HTTP was not created for binary file transfer (although it is capable of doing so), so if this is the focus, it is not the most appropriate protocol.

  • @bfavaretto But what about FTP problems? Amazon, with its large-scale S3 service, does not just use HTTP for communication?

  • @bfavaretto Ops. Does not use FTP.

  • @Murillogoulart although "similar", S3 is not a file system (nor does it have a directory concept). It is mere <-> key object association. FTP was not made to work outside filesystems. It would not make much sense to adapt the protocol simply to "mimic" the behavior.

1 answer

3


Dear, FTP was created solely for the purpose of transferring files, the great advantage of this protocol over HTTP is the possibility of "double-handed" transfer without the need for development, in a native way, if you are in doubt regarding the 2 I believe that your need is to provide the files and your customers will only download without any upload.

In terms of security, the two are similar, for example, in relation to attacks of the type man-in-the-Middle the 2 will have similar performance, since the transfer is basically in plain text (without encryption) in both cases and can be easily intercepted, which can be bypassed with sftp(ssh) as mentioned by @Miguel or with FTPS(SSL) .

I believe that in 99% of the cases what dictates the technology to be used is the ultimate need, so:

If you only need to send files, and these files are not sensitive (not confidential) I would definitely choose HTTP for the reason you specified, there are no firewall problems of the clients.

If your data is confidential you would choose the sftp(ssh) or the FTPS(SSL), properly configured (anonymous user disabled, strong passwords, etc..).

In addition to these options there is also a middle ground, which is to use a secure file exchange platform for HTTPS, recently implanted in a client and has fully served: https://pydio.com/

  • 4

    FTP was made to transfer file: correct - HTTP do not double: incorrect (POST and PUT methods, for example)- FTP has user and password and HTTP does not: incorrect (HTTP can use user/password authentication without problems, direct in the protocol) - Plain text in 2 cases: incorrect (FTP works with binary without problems) - I suggest fixing the 3 incorrect points (there are other statements kind of complicated, but these 3 points really deserve a correction).

  • @Bacco - ok dear! I already edited the answer to be clearer, as to "double hand" to exemplify, (considering zero development)

  • @Gustavofast Why large cloud players like Amazon, with the service used on a large scale S3, don’t just use FTP for communication?

  • i think ftp practically died, it is very little used

Browser other questions tagged

You are not signed in. Login or sign up in order to post.