Talk:FTPS

What is the reasoning given for preferring explicit SSL?

See

"you are trying to deploy a secure FTP client or server, you may get badly bitten by a poorly designed or configured Firewall"

- it's not that the firewall is poorly designed or configured, it simply cannot decrypt the control channel in order to determine what ports to dynamically open in order to allow the application to work.

- yes it can be a poor firewall: It could drop a session on port 21 if it thinks it doesn't 'look' like FTP (some do). It could drop a session on port 21 if it is inactive for a period of time, because the data is being transferred on another socket pair (some do). It could decide that it 'knows' all the FTP commands and refuse to pass on the AUTH request (some do). Notwithstanding the concept that a network level device (a firewall) starts looking in application data streams and making bizarre decisions about dynamic port restrictions is just plain broken - That's the job of an Application Layer Gateway.
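Added example, not part of the discussion above or of any firewall's code: a minimal sketch of the control-channel inspection both comments refer to. It learns data-channel endpoints from `PORT` commands and `227` replies, and has nothing left to read once the server accepts `AUTH`. The function names and the session records are constructed for illustration.

```python
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PASV_REPLY = re.compile(r"^227 [^(]*\(" + SIX + r"\)")
PORT_CMD = re.compile(r"^PORT " + SIX + r"$", re.IGNORECASE)

def endpoint(match):
    """Turn the six fields into (ip, port); None if any field exceeds 255."""
    n = [int(g) for g in match.groups()]
    if max(n) > 255:
        return None
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def track_data_ports(records):
    """records: list of (sender, payload); sender is 'C' or 'S'.
    Returns (pinholes, blind_from). blind_from is the index of the first
    record the inspector can no longer read, or None if it read them all."""
    pinholes, auth_requested = [], False
    for index, (sender, payload) in enumerate(records):
        try:
            line = payload.decode("ascii").rstrip("\r\n")
        except UnicodeDecodeError:
            return pinholes, index          # not FTP text any more
        if sender == "C" and line.upper().startswith("AUTH "):
            auth_requested = True
        elif sender == "S" and auth_requested:
            if line.startswith("234"):      # AUTH accepted, TLS starts next
                return pinholes, index + 1
            auth_requested = False          # AUTH refused, still cleartext
        pattern = PORT_CMD if sender == "C" else PASV_REPLY
        m = pattern.match(line)
        if m and endpoint(m):
            pinholes.append(endpoint(m))
    return pinholes, None

# Constructed sessions; addresses are from the documentation range.
OPAQUE = bytes([0x17, 0x03, 0x03, 0x00, 0x10]) + bytes(range(0xA0, 0xB0))
PLAIN_FTP = [
    ("S", b"220 ready\r\n"), ("C", b"USER demo\r\n"),
    ("S", b"331 password required\r\n"), ("C", b"PASS example\r\n"),
    ("S", b"230 logged in\r\n"), ("C", b"PASV\r\n"),
    ("S", b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"),
]
EXPLICIT_FTPS = [
    ("S", b"220 ready\r\n"), ("C", b"AUTH TLS\r\n"),
    ("S", b"234 AUTH TLS OK\r\n"),
    ("C", OPAQUE), ("S", OPAQUE),   # PASV and its 227 reply travel in here
]

if __name__ == "__main__":
    print(track_data_ports(PLAIN_FTP))
    print(track_data_ports(EXPLICIT_FTPS))
```
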

Combine, Combine, Combine
This article and SFTP (SSH Over FTP) article should all be combined into FTP article. 12.110.196.19 18:39, 3 April 2006 (UTC)

-- FTPS is a completely different animal than FTP.

No no no, FTPS is FTP with SSL in the same manner HTTPS is HTTP with SSL. Do not confuse FTPS with SFTP which is the FTP-look-alike that is file transfers over the SSH protocol.

-- I disagree. There is more to FTPS than just wrapping it in TLS/SSL. There are unique FTP control commands, unique ports, and other differences. Dinjiin (talk) —Preceding undated comment was added at 19:40, 26 January 2009 (UTC).

... which basically makes FTPS a further evolution of FTP. It is either FTP wrapped in SSL or FTP with the added TLS controls. Not a "completely different animal". I agree that combining makes sense. clacke (talk) 09:58, 24 February 2009 (UTC)


 * There certainly needs to be a good disambiguation article for this general area. This is a rat's nest of similar and overloaded terms. I'm thinking about this on my user page... - Paul (talk) 16:33, 5 May 2009 (UTC)

Using HTTP authentication to prevent eavesdropping? Come on!
"The opportunity for unauthorized third parties to eavesdrop on data transmissions proportionally increased. Some limited efforts were made with other protocols to thwart this behavior, such as Base64 encoding of authentication data within the Hypertext Transfer Protocol (HTTP)."

The people developing protocols 30 years ago had 30 years less experience than we have now, but they were not imbeciles. HTTP authentication is just that, authentication. It is used as a basis for access control, not for preventing eavesdropping. I am removing the "limited efforts" sentence. clacke (talk) 10:05, 24 February 2009 (UTC)

Confused
The article says that "the explicit method is a legacy compatible implementation", which made me think that the explicit method is there for legacy purposes and that the implicit method is preferable. But a few paragraphs later, the implicit method is "considered an earlier, deprecated method". So I got very confused. However, on reflection, I think that "legacy compatible" is a typo for "legacy-compatible" (different meaning due to the hyphen), and that the article is trying to say that we should use the explicit method. 195.72.173.52 (talk) 10:31, 9 September 2010 (UTC)
 * Take a look at the new revision, I've rephrased it in an attempt to remove the ambiguity. Edigaryev (talk) 07:35, 10 October 2015 (UTC)

Is FTP still commonly used?
The article says "FTPS (also known FTP-SSL, and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP)[...]" Is FTP still commonly used? BootOutMoot (talk) 19:57, 21 December 2020 (UTC)