Just a random Joe here, but I'd like to vote *against removing FTP support*. 
FTP is still widely used, its easy to configure and to use file transfer 
protocol. Despite its age, there still aren't really any proper full-featured 
and well-supported alternatives for FTP, one of the reason is because FTP is 
universally supported in OS and browsers while other protocols are not, and 
removing FTP support from Firefox removes "old and ugly" protocol without 
introducing any alternative for it, reducing the software functionality for end 

The main advantage of the protocol is its design for file transfer only. Unlike 
more general and complex protocols like HTTP, FTP does not require for the 
administrator to setup and configure multiple complex software (web server + 
application server/interpreter + file sharing software on top of it) to perform 
one simple thing: file transfer. You can't upload whole folder without complex 
hacks via HTTP, while FTP allows to do that in one click.

File transfer with FTP:

  * Easy software setup, lots of mature server and client software for any 
  * Upload privileges could be given as easy as sharing the link
  * You can download and upload whole folders
  * You can navigate through folders, download and upload files and folders 
with stock Unix and Windows console and graphical software

File transfer with HTTP:

  * Complex software setup: web server + special third-party file transfer 
software, which does not conform to any specification
  * Could not be properly used outside of web browsers
  * No functionality to download multiple files at once, only file-by-file
  * No functionality to download or upload folders

One of the argument against FTP is that it's unsecure. The plain FTP, just as 
HTTP, does not have encryption, but there's HTTPS alternative for FTP — FTPS, 
which is a TLS layer on top of FTP. I believe it could be easily implemented in 
Firefox. There's a bug for adding FTPS support which has been filled 19 (!) 
years ago

I guess It would be acceptable if Mozilla remove FTP support but introduce it's 
alternative, WebDAV for example. WebDAV is a file transfer protocol on top of 
HTTP. It provides functionality similar to FTP, but it's not popular due to 
very limited software support (both client and server).

I ask you to consider not to remove FTP support. Despite its problems, the 
protocol still does what it is designed to do and beats its rivals. If protocol 
insecurity is the only consideration, I am willing to help by implementing FTPS 
(FTP over TLS) support and sending a patch, if that would change Mozilla's 
decision to keep this functionality. Please let me know if I can do anything, 
because I won't try to implement FTPS support if it won't be merged.

Also, Google still index FTPs. I find it strange if the user clicks on Google 
search result and it could not be opened in a browser.

On 19.03.2020 03:24, Michal Novotny wrote:
> We plan to remove FTP protocol implementation from our code. This work is 
> tracked in bug 1574475 [1]. The plan is to
> - place FTP behind a pref and turn it off by default on 77 [2]
> - keep FTP enabled by default on 78 ESR [3]
> - remove the code completely at the beginning of 2021
> We're doing this for security reasons. FTP is an insecure protocol and there 
> are no reasons to prefer it over HTTPS for downloading resources. Also, a 
> part of the FTP code is very old, unsafe and hard to maintain and we found a 
> lot of security bugs in it in the past. After disabling FTP in our code, the 
> protocol will be handled by external application, so people can still use it 
> to download resources if they really want to. However, it won't be possible 
> to view and browse directory listings.
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1574475
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1622409
> [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1622410

Attachment: signature.asc
Description: OpenPGP digital signature

dev-platform mailing list

Reply via email to