FTPplanet.com

FTPplanet.com Blog


September 18, 2008

FTPS versus SFTP... Which to choose?

Sometimes lost in the confusing alphabet soup of FTP, SSL/FTPS and SSH/SFTP is a clear understanding of the differences between the various protocols.

A key takeaway is that basic FTP is not encrypted and that more and more folks are turning to encrypted protocols such as SSL and SSH for file transfers.

Generally speaking, I recommend setting up your server to support both flavors of encrypted communication protocols. That will give your end users more options to securely connect to your server.

But there are some differences between the way FTPS and SFTP were implemented and each has some strengths and weaknesses. Here's a great post by IT Tutorial Solutions that goes into detail on the pros and cons of each.

FTPS Pros:
• Widely known and used
• The communication can be read and understood by a human
• Provides services for server-to-server file transfer
• SSL/TLS has good authentication mechanisms (X.509 certificate features)
• FTP and SSL/TLS support is built into many internet communication frameworks

FTPS Cons:
• Doesn't have a uniform directory listing format
• Requires a secondary DATA channel, which makes it hard to use behind firewalls
• Doesn't define a standard for file name character sets (encodings)
• Not all FTP servers support SSL/TLS
• Doesn't have a standard way to get and change file and directory attributes

SFTP Pros:
• Has a good standards background which strictly defines most (if not all) aspects of operations
• Has only one connection (no need for DATA connection)
• The connection is always secured
• The directory listing is uniform and machine-readable
• The protocol includes operations for permission and attribute manipulation, file locking and more functionality

SFTP Cons:
• The communication is binary and can't be logged "as is" for human reading
• SSH keys are harder to manage and validate
• The standards define certain things as optional or recommended, which leads to certain compatibility problems between different software titles from different vendors
• No server-to-server copy and recursive directory removal operations
• No built-in SSH/SFTP support in VCL and .NET frameworks
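
The lists above differ on one operational point: an SFTP connection is always secured, while an FTPS client has to request protection, and the human-readable FTP control channel makes that easy to audit. The following is an added example (not from the original post or the post it cites) that checks a control-channel transcript of an explicit FTPS session for credentials sent before `AUTH TLS` and for transfers without `PROT P`. The `>`/`<` transcript format, the function name and the sample sessions are constructed assumptions.

```python
# Added example: "> " = client line, "< " = server line (format assumed here).
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE", "STOU"}

def audit_ftps_session(transcript):
    """Return findings for one session; an empty list means nothing was flagged."""
    tls = False           # control channel upgraded (AUTH answered with 234)
    prot_private = False  # data channel protection level P accepted
    pending = None        # (command, argument) still waiting for its reply
    findings = []
    for line in transcript.splitlines():
        direction, _, text = line.partition(" ")
        parts = text.split()
        if direction == ">" and parts:
            cmd = parts[0].upper()
            pending = (cmd, parts[1].upper() if len(parts) > 1 else "")
            if cmd in ("USER", "PASS") and not tls:
                findings.append(f"{cmd} sent before AUTH TLS succeeded")
            elif cmd in DATA_CMDS and not (tls and prot_private):
                findings.append(f"{cmd} issued without a protected data channel")
        elif direction == "<" and parts and pending:
            code = parts[0][:3]
            if pending[0] == "AUTH" and code == "234":
                tls = True
            elif pending[0] == "PROT" and code == "200":
                prot_private = pending[1] == "P"  # PROT C would clear it again
            pending = None
    return findings

# Constructed sample sessions (not captured from a real server).
GOOD = """< 220 ftp.example.test ready
> AUTH TLS
< 234 Proceed with negotiation
> USER alice
< 331 Password required
> PASS ********
< 230 Logged in
> PBSZ 0
< 200 PBSZ set to 0
> PROT P
< 200 Protection level set to Private
> RETR report.csv
< 150 Opening data connection"""

BAD = """< 220 ftp.example.test ready
> USER alice
< 331 Password required
> AUTH TLS
< 234 Proceed with negotiation
> LIST"""
```

Implicit FTPS sessions, where TLS starts before any FTP command, never show `AUTH` and would need a separate rule.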

At the end of the day, both FTPS/SSL and SFTP/SSH deliver strong encryption and are both worthy of securing files that are being moved to and from your servers.

Posted by Hugh Garber at September 18, 2008 08:42 AM
