If you allow anonymous logins, security is not a concern. There's no
need to encrypt, and passive FTP is adequate -- but HTTP is a better
choice these days, for most purposes. Or WebDAV, which is based on
HTTP, but gives you access as a virtual filesystem.

FTP is not secure at all. It's a way for people to not just steal your
data -- but also steal your passwords. Unless you use it via a secure
SSH tunnel -- in which case, you've just reinvented SFTP.

Rule of thumb: If you ask for a password, and care who knows that
password -- don't use FTP.

On Feb 3, 4:51 pm, Lewske Wada <[email protected]> wrote:
> Is SFTP such an excellent standard?
>
> It is based on SSH and user database so it takes time to authenticate
> and therefore there are no anonymous logins allowed in SSH.
>
> FTP needs a connection originated from the server in port mode,
> but it's secure enough as long as you use a dedicated ftp-data port 20.
> The problem is you cannot access it from inside a packet filtering network.
> If you open passive ports, you have to tell which ports to open to
> the server like PassivePorts xxx in for example "/etc/proftpd.conf".
>
> Ryu
>
>
>
> Bob Kerns wrote:
> > You're reinventing the wheel here, back before they invented circles.
>
> > SFTP uses the same port as SSH (22 is the standard, but you can
> > substitute if you want to throw off port-scanners) -- you would not be
> > opening another port.
>
> > FTP is *extremely* problematic in the modern world. Originally, it
> > required that the SERVER open a port back to the CLIENT.
>
> > This almost always fails, these days, due to NAT, firewalls, etc. But
> > it is still the default in many clients. Even if you managed to make
> > it work, it would be highly insecure -- your data would NOT be going
> > through your secure channel, and you must open up ports on the client!
>
> > You'd have to use so-called "passive" FTP. You may even find clients
> > that don't implement it.
>
> > You're certainly going to be plagued with client differences. You're
> > certainly doing kinda-a-the-same-thing, but with a lot more
> > complexity, security issues, and problems.
>
> > Really -- if you have control over the server side, DO NOT implement
> > FTP.
>
> > On Feb 3, 9:01 am, mericksonj <[email protected]> wrote:
>
> >> The TCP port is entered correctly as 2121 when I connect to FTP, the
> >> FTP control session is started properly according to the server logs.
>
> >> I am not using SFTP since I have disabled the sub-system on my SSH
> >> server.
>
> >> I am trying to use SSH TCP forwarding alone to establish and maintain
> >> the ftp session since most FTP clients won't support 1024 bit RSA key
> >> authentication.
>
> >> I am considering FTPS, but I'm not sure I want to open up another port
> >> to the internet.  The SSH service is the only one I currently allow
> >> through the firewall.
>
> >> Can you tell me more about the Java error message I'm getting? or
> >> maybe if there are any android native FTP apps I can use?
>
> >> Thanks!
> >> --James
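
Added example, not part of the original thread or written by any of its participants: a short Python sketch that reads an FTP control-channel transcript and reports what a passive observer learns from it, namely that the password crosses in the clear and which side opens each data connection in port (active) versus passive mode. The transcript, user name, password and addresses are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed control-channel transcript (C = client, S = server).
# Addresses come from documentation ranges; credentials are made up.
SAMPLE = [
    "C: USER alice",
    "S: 331 Password required",
    "C: PASS s3cret-example",
    "S: 230 Logged in",
    "C: PORT 192,0,2,10,195,80",
    "S: 200 PORT command successful",
    "C: PASV",
    "S: 227 Entering Passive Mode (198,51,100,5,234,96)",
]

HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and the 227 reply (RFC 959)."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def analyze(lines):
    """Return (finding, endpoint) tuples; the password value itself is never stored."""
    findings = []
    for line in lines:
        side, _, msg = line.partition(": ")
        verb = msg.split(" ", 1)[0].upper()
        if side == "C" and verb == "PASS":
            findings.append(("cleartext-password", None))
        elif side == "C" and verb == "PORT":
            ep = decode_hostport(msg)
            if ep:
                findings.append(("active: server connects to client", ep))
        elif side == "S" and verb == "227":
            ep = decode_hostport(msg)
            if ep:
                findings.append(("passive: client connects to server", ep))
    return findings

if __name__ == "__main__":
    for finding, endpoint in analyze(SAMPLE):
        print(finding, endpoint)
```

The decoded endpoints are the ports a firewall or NAT device would have to allow for the data connection, which never travels inside a forwarded control connection.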
