Raysync File Transfer Protocol (FTP)

File Transfer Protocol (FTP) is defined in RFC 959, released in October 1985. It was designed as a cross-platform protocol that is simple and easy to implement. FTP has a long history of evolution and is one of the most important applications on the Internet, but it is now in decline. Below, the author criticizes the shortcomings of FTP from several angles.

1, the data transfer mode is unreasonable

Blindly transferring data in ASCII mode, without considering the contents of the file itself, is unreasonable. FTP should have an automatic detection function which, of course, the user can customize.

Many Linux and Windows clients already support an automatic transfer mode, but many generations of UNIX and Windows clients use ASCII transfer mode by default, and this transfer mode can even damage files.

2, poorly designed working modes

FTP can work in active mode (PORT) or passive mode (PASV), which determines how the data connection is established.

In active mode, the client first sends its IP address and port number to the server and then waits for the server to establish a TCP connection to it. In passive mode, the client likewise first connects to the server, but the server then opens a port (between 1024 and 5000) and waits for the client to transmit data.

The most incredible thing about FTP is that the client listens for the server!

3, poor cooperation with firewalls

FTP was born before Network Address Translation (NAT) and firewalls, at a time when the network had no malicious ***. Today most end users have non-routable IPv4 addresses, because of the shortage of IPv4 addresses and the use of firewalls.

What does this mean for FTP? It means that if the FTP client has a non-routable IP address, or sits behind a firewall, it can only use passive mode for data transfer.

And what if the server's IP address cannot be routed, or the server is behind a firewall? FTP will not be able to transfer data at all!

Many firewalls built for NAT environments can now use special tricks (hacks) to allow FTP to work behind a firewall. Of course, this requires firewall configuration.
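The address problem described in sections 2 and 3 is visible in the control-channel text itself: both the PORT command and the 227 reply to PASV carry an IP address and port as six decimal numbers. The following is an added example, not code from the original post; the function names and the sample lines are constructed for illustration. It decodes that tuple and reports when the advertised address is an RFC 1918 address or does not match the address the control connection is actually seen from, which is the situation a NAT device creates.

```python
import ipaddress
import re

# RFC 1918 ranges: the non-routable IPv4 addresses used behind NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Decode 'h1,h2,h3,h4,p1,p2' from a PORT command or a 227 reply."""
    m = TUPLE.search(line)
    if not m:
        raise ValueError("no host-port tuple in %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]      # port = p1 * 256 + p2


def check_data_endpoint(line, peer_ip):
    """Return (ip, port, findings) for one PORT command or 227 reply.

    peer_ip is the address of the host that sent the line, as observed
    on the control connection (an input the caller must supply).
    """
    ip, port = parse_hostport(line)
    findings = []
    if any(ip in net for net in RFC1918):
        findings.append("non-routable address advertised")
    if ip != ipaddress.IPv4Address(peer_ip):
        findings.append("advertised address differs from control-connection peer")
    return ip, port, findings


# Constructed samples: a client behind NAT in active mode, and a
# directly reachable server answering PASV.
ACTIVE_BEHIND_NAT = ("PORT 192,168,1,10,19,137", "203.0.113.7")
PASSIVE_PUBLIC = ("227 Entering Passive Mode (198,51,100,20,4,210)", "198.51.100.20")

if __name__ == "__main__":
    for line, peer in (ACTIVE_BEHIND_NAT, PASSIVE_PUBLIC):
        print(line, "->", check_data_endpoint(line, peer))
```

A firewall that makes FTP work across NAT has to rewrite exactly this tuple in the control stream, which it can only do while the control channel is readable.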

4, password security policy is imperfect

In the early days of the Internet, FTP made no provision for password security. Between FTP client and server, data is transmitted in clear text, so anyone able to control routing on the communication path can obtain your password and data by sniffing.

Of course, FTP can be wrapped in SSL, but because FTP establishes multiple connections for data transfer, even if the password is protected it is still difficult to protect the data being transferred.

Secure data transfer has developed rapidly since FTP was released, and it is recommended to use SCP instead of FTP for file transfer.
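The gap described in section 4, where the password may be protected while the file data is not, can be checked from a server-side command log. The following is an added example, not code from the original post; the function name and the sample sessions are constructed. It uses the RFC 4217 commands AUTH TLS and PROT P, and as a simplification it assumes the server accepted every AUTH and PROT command it logged.

```python
# Commands that open a data connection.
DATA_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST"}


def audit_session(commands):
    """Audit one FTP session from the client commands the server logged.

    Returns (line_no, verb, issue) tuples. Command arguments, including
    the password, are never copied into the findings.
    """
    control_tls = False      # control channel upgraded with AUTH TLS/SSL
    data_private = False     # data channel protection level set to P
    findings = []
    for n, raw in enumerate(commands, 1):
        verb, _, arg = raw.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip().upper()
        if verb == "AUTH" and arg in ("TLS", "SSL"):
            control_tls = True
        elif verb == "PROT":
            # PROT P only has effect once the control channel is secured.
            data_private = control_tls and arg == "P"
        elif verb in ("USER", "PASS") and not control_tls:
            findings.append((n, verb, "credential sent in clear text"))
        elif verb in DATA_CMDS and not data_private:
            findings.append((n, verb, "data connection not encrypted"))
    return findings


# Constructed sample sessions.
PLAIN = ["USER alice", "PASS example-password", "TYPE I", "PASV",
         "RETR report.pdf", "QUIT"]
PASSWORD_ONLY = ["AUTH TLS", "USER alice", "PASS example-password",
                 "PASV", "RETR report.pdf", "QUIT"]
FULLY_PROTECTED = ["AUTH TLS", "PBSZ 0", "PROT P", "USER alice",
                   "PASS example-password", "PASV", "RETR report.pdf", "QUIT"]

if __name__ == "__main__":
    for name, session in (("plain", PLAIN),
                          ("password only", PASSWORD_ONLY),
                          ("fully protected", FULLY_PROTECTED)):
        print(name, audit_session(session))
```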

5, the low efficiency of the FTP protocol

Retrieving a file from an FTP server involves a complicated series of exchanges:
The client opens a TCP socket to the FTP server's control port and waits for the TCP handshake to complete
The client waits for the server to send its acknowledgement
The client sends the user name to the server and waits for a response
The client sends the password to the server and waits for a response
The client sends the SYST command to the server and waits for a response
The client sends the TYPE I command to the server and waits for a response
If the user needs to change directories on the server, the client sends that command as well and waits for a response
In active mode, the client sends the PORT command to the server and then waits for a response (passive mode is the opposite of active mode)
The data connection is established (which requires a three-way handshake to set up the TCP socket connection)
The data is transferred over the data connection
The client waits for a 2xx reply from the server on the control connection, confirming that the data transfer succeeded
The client sends the QUIT command to the server and waits for a response

For the same task, let us look at the HTTP protocol:
The HTTP client opens a TCP socket connection to the HTTP server
The HTTP client sends an HTTP GET command to the server, including the URL, HTTP protocol version, virtual host name, and so on, and waits for a response
The HTTP server's response contains all the data you asked for, and you are done!

For one file transfer, FTP needs 10 round trips, while HTTP needs only 2! When transferring multiple files, FTP can skip the step of sending the user name and password, while HTTP can keep its socket open and transfer the files over the same TCP connection.

In summary, although FTP was once mighty, it is now outdated: it is an insecure, unfriendly and inefficient protocol, and it is bound to be replaced.

Origin blog.51cto.com/13609234/2402022