FTP is Simple, But Open to Leaks

By ANICK JESDANUN, AP Internet Writer

The Internet was a mere 19 months old when engineers first developed a file-sharing system still in wide use today.

Although many of the technologies from those early days eventually faded away, replaced by newer developments such as the World Wide Web and search engines, file transfer protocol remains a common way for distributing larger files and updating Web sites, thanks to its simplicity and versatility.

"It says remarkably good things about the guys who designed the Internet," said John Levine, an FTP user for a quarter-century and co-author of "The Internet for Dummies." "FTP was designed well enough that there's never been a pressing need to come up with something better."

Its simplicity, though, also leads to security challenges that simply weren't imagined back in the Internet's early days.

FTP was first described in a 1971 paper, "A File Transfer Protocol," and became canonized as a standard in 1985.

For years, FTP was the primary way to transfer files. Two networked computers can send files back and forth, regardless of the file type or the computer's filing and storage system. Each computer would only need to know this common way of transferring files.

After the Web's development in the early 1990s, its hypertext transfer protocol, or HTTP, became the standard way to retrieve text and smaller images over browsers. But FTP has remained the go-to technology for downloading larger files such as documents, databases and songs; FTP download capabilities are built into standard browsers.

Standalone FTP software also can let Web developers upload Web pages onto servers for viewing, something difficult or impossible with browsers.

FTP comes with password-protection options, though usernames and passwords to access files are sent over the Internet unencrypted as regular text, allowing spies along the way to capture the information.

A bigger problem, though, is FTP's ability to let people log on anonymously, a capability purposely included to promote file sharing, but one that can accidentally expose private, sensitive documents.

The username is typically "anonymous" and the password can be anything, meaning everyone on the Internet has access to your files and servers that aren't configured correctly. Though anonymous FTP can be turned off, many older systems come with it automatically on -- and inexperienced or careless users may forget to make the change.

"You're most likely to find an open anonymous server on some workstation on somebody's desk at a university that's been sitting there for 10 years," Levine said. "You have to be careful."

Copyright 2007 The Associated Press.
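An added example, not part of the article: a small auditor over a constructed FTP control-channel transcript that flags the two exposures the article describes, a username and password sent as plain text and an anonymous login that the server accepts. The transcript layout, host and account names, finding labels and the "ftp" alias are assumptions made for the illustration.

```python
import re

ANON_NAMES = {"anonymous", "ftp"}  # "ftp" alias is an assumption beyond the article
# Constructed control-channel excerpts (C: client, S: server), not a real capture.
SAMPLE = """\
C: USER anonymous
S: 331 Guest login ok, send your e-mail address as password
C: PASS guest@example.test
S: 230 Guest login ok, access restrictions apply
---
C: USER alice
S: 331 Password required for alice
C: PASS constructed-secret
S: 230 User alice logged in
---
C: AUTH TLS
S: 234 Proceed with negotiation
"""

def audit_session(lines):
    """Return (findings, encrypted) for one session; passwords are never echoed."""
    findings, user, sent_pass, auth_pending, encrypted = [], None, False, False, False
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.strip().partition(" ")
            if verb.upper() == "AUTH":
                auth_pending = True
            elif verb.upper() == "USER":
                user, sent_pass = arg, False
            elif verb.upper() == "PASS":
                sent_pass = True
        elif side == "S" and re.match(r"\d{3} ", text):  # final line of a reply
            code = text[:3]
            if auth_pending:
                encrypted, auth_pending = code == "234", False  # 234 accepts the upgrade
            elif code == "230" and user is not None:  # 230: login succeeded
                anon = user.lower() in ANON_NAMES
                if anon or sent_pass:
                    findings.append(("anonymous-login-accepted" if anon else "cleartext-credentials", user))
                user = None
    return findings, encrypted

def audit(transcript):
    return [audit_session(s.strip().splitlines()) for s in transcript.split("---") if s.strip()]

if __name__ == "__main__":
    for n, result in enumerate(audit(SAMPLE), 1):
        print(n, result)
```

The third session shows the contrast: once the server answers `AUTH TLS` with 234, nothing after that point is readable on the wire, so no credentials appear in the findings.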
