On Fri, 16 Apr 2021 03:02:38 +0000, Seymour J Metz wrote: >Wouldn't it make more sense to ask IBM to provide SFTP-SSH servers rather than >FTP servers, given the concern with security? > Are browsers and other utilities that are ending support for FTP extending support for FTPS or SFTP?
(Are there publicly accessible FTPS and SFTP server which can be used to verify this? HTTPS is pervasive.) And are many organizations which restrict installation of third-party apps embracing any which support FTPS? On Fri, 16 Apr 2021 03:07:30 +0000, Gibney, Dave wrote: > >Really, what is the security risk of FTPS? I know it seems to be increasingly >considered a problem, but why? > I'd expect the dual-socket design of FTP(S) to add a level of complexity that makes security more complicated. Does FTPS employ AT-TLS, Transport Layer Security whereas HTTPS and SFTP employ application layer security? In the former. is the channel between application layer and transport layer unsecured, exposed to exploits? Does the greater use of HTTPS compared to FTPS imply that more resource is devoted to discovering and repairing exposures in the former? But does that also make the more popular protocol a more enticing target to exploiters? -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
