EnterpriseDT Blogs

Archive for November, 2008

Is FTP dead?

Thursday, November 27th, 2008

Is FTP, the once ubiquitous File Transfer Protocol, dead?

It’s certainly an ageing protocol. It was invented in the 1970s, and most implementations follow RFC 959, published in 1985.

And there are plenty of criticisms of FTP. It isn’t secure - passwords are sent in plain text. Data transfers use a new TCP connection for each transfer, and this can cause complications with firewalls as well as exhausting system resources. Directory listings aren’t standardized, and timestamps aren’t preserved on transferred files.

And yet FTP still persists. A quick google reveals hundreds, if not thousands, of FTP products on the market, and millions of references. Given its flaws, why is FTP still in use?

The biggest reason is the lack of competition. There simply aren’t many viable alternatives for transferring files across networks, including the Internet. HTTP is primarily used for downloading files, and isn’t very flexible. More proprietary protocols such as SMB are for local networks only. Instant messaging clients do provide file transfer facilities, but these are tightly integrated with the GUI, and generally only work with other clients on the same messaging network.

Also, many NAT devices automatically work with FTP, opening and closing data ports as needed. The appropriate ports are normally open in firewalls, so if anything will work without reconfiguration, it will be FTP.

So it seems that FTP will be around for a long time yet.

Given that we haven’t got much choice, how can we best use FTP?

One of the most important criticisms is lack of security. FTPS (FTP over SSL) was designed to overcome this problem.

FTPS is often called secure FTP. Passwords are no longer sent in plain text, but over an encrypted connection. Both commands and data can be encrypted, and a number of ciphers are available. FTPS is becoming quite widespread, and is supported by many FTP servers. It is a good choice when security must be added to existing applications that use FTP, as the protocol is not significantly changed. Note that firewalls may require some reconfiguration, because NAT devices can no longer automatically open and close ports as required: the commands are encrypted, so these devices cannot determine which ports are being used.
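The following added example (not from the original post) shows what an FTP-aware NAT device or firewall reads from the control connection, and why that stops working once explicit FTPS is negotiated with AUTH TLS and a 234 reply. The class and method names and the sample sessions are constructed for illustration, and commands are assumed to be upper case.

```java
import java.util.*;
import java.util.regex.*;

public class FtpControlInspector {
    // h1,h2,h3,h4,p1,p2: address and port as carried by PORT and by the 227 (PASV) reply
    private static final Pattern HOST_PORT = Pattern.compile(
        "(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3})");

    /** Returns "ip:port" for a PORT command or 227 reply, or null for any other line. */
    static String dataEndpoint(String line) {
        if (!line.startsWith("PORT ") && !line.startsWith("227 ")) return null;
        Matcher m = HOST_PORT.matcher(line);
        if (!m.find()) return null;
        int[] n = new int[6];
        for (int i = 0; i < 6; i++) {
            n[i] = Integer.parseInt(m.group(i + 1));
            if (n[i] > 255) return null; // every field is a single octet
        }
        return n[0] + "." + n[1] + "." + n[2] + "." + n[3] + ":" + (n[4] * 256 + n[5]);
    }

    /** Walks one control connection and lists what an on-path device can read from it. */
    static List<String> inspect(List<String> lines) {
        List<String> findings = new ArrayList<>();
        boolean authRequested = false;
        for (String line : lines) {
            if (line.startsWith("AUTH TLS") || line.startsWith("AUTH SSL")) {
                authRequested = true;
            } else if (authRequested && line.startsWith("234 ")) {
                findings.add("TLS negotiated: later commands and data ports are not readable");
                break; // everything after the 234 reply is ciphertext
            } else if (line.startsWith("PASS ")) {
                findings.add("password visible in plain text");
            } else {
                String ep = dataEndpoint(line);
                if (ep != null) findings.add("data connection announced: " + ep);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sessions using documentation addresses; not captured traffic.
        List<String> plain = Arrays.asList("220 ready", "USER alice", "331 need password",
            "PASS example-password", "230 ok", "PASV", "227 Entering Passive Mode (192,0,2,10,195,80)");
        List<String> explicitTls = Arrays.asList("220 ready", "AUTH TLS", "234 proceed");
        System.out.println(inspect(plain));
        System.out.println(inspect(explicitTls));
    }
}
```

For the plain session the inspector reports the visible password and the announced data endpoint; for the explicit FTPS session it can report only that TLS was negotiated, which is why the data port range usually has to be opened in the firewall by hand.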

Another option is to use SFTP, the SSH File Transfer Protocol (often described as FTP over SSH). Despite the name, this is actually a different protocol altogether, and one that was designed to provide security from the beginning. It also uses a single TCP connection for both commands and data, eliminating most firewall problems. As SFTP is a more modern protocol, it also provides standardized directory listings and other useful features.

In conclusion, FTP lives on and on. It is still the most popular way of transferring files, and both FTPS and SFTP offer more secure ways of doing so than ordinary FTP.

SFTP in Java

Thursday, November 27th, 2008

Introduction

This demonstrates how Java clients can connect to SFTP servers to transfer files, using edtFTPj/PRO.

Detail

SFTP is a protocol for transferring files securely via the SSH protocol. File transfer commands are implemented on top of SSH. For Java clients to communicate with SFTP servers, the client side of the SFTP protocol and SSH must be implemented in Java.

It is not realistic for most applications to directly implement the SFTP protocol. Instead, it is best to acquire an implementation that is well tested and feature rich - for example, edtFTPj/PRO. The following example demonstrates how a client using edtFTPj/PRO can connect to an SFTP server and list the current directory on the server. It downloads every file in the directory:

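import com.enterprisedt.net.ftp.*;

public class SftpDownloadAll {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        String username = args[1];
        // FTP_PASSWORD is an example variable name; it keeps the password off the command line
        String password = System.getenv("FTP_PASSWORD");

        SecureFileTransferClient client = new SecureFileTransferClient();

        // set params
        client.setRemoteHost(host);
        client.setUserName(username);
        client.setPassword(password);
        client.setProtocol(Protocol.SFTP);

        client.connect();
        try {
            // get a directory listing
            FTPFile[] files = client.directoryList();
            for (int i = 0; i < files.length; i++) {
                System.out.println(files[i].toString());
                // the listing also contains directories; download regular files only
                if (!files[i].isDir()) {
                    client.downloadFile(files[i].getName(), files[i].getName());
                }
            }
        } finally {
            // always close the session, even if a transfer fails
            client.disconnect();
        }
    }
}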

FTPS in Java

Thursday, November 27th, 2008

Introduction

This demonstrates how Java clients can connect to FTPS servers to transfer files, using edtFTPj/PRO.

Detail

FTPS is a protocol for transferring files securely via FTP. Basically, the standard FTP protocol is encrypted via secure sockets, or SSL. For Java clients to communicate with FTPS servers, the client side of the FTP protocol and SSL must be implemented in Java.

It is not realistic for most applications to directly implement the FTPS protocol. Instead, it is best to acquire an implementation that is well tested and feature rich - for example, edtFTPj/PRO. The following example demonstrates how a client using edtFTPj/PRO can connect to an FTPS server and list the current directory on the server. It downloads every file in the directory:

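import com.enterprisedt.net.ftp.*;

public class FtpsDownloadAll {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        String username = args[1];
        // FTP_PASSWORD is an example variable name; it keeps the password off the command line
        String password = System.getenv("FTP_PASSWORD");

        SecureFileTransferClient client = new SecureFileTransferClient();

        // set params
        client.setRemoteHost(host);
        client.setUserName(username);
        client.setPassword(password);
        client.setProtocol(Protocol.FTPS_EXPLICIT);

        client.connect();
        try {
            // get a directory listing
            FTPFile[] files = client.directoryList();
            for (int i = 0; i < files.length; i++) {
                System.out.println(files[i].toString());
                // the listing also contains directories; download regular files only
                if (!files[i].isDir()) {
                    client.downloadFile(files[i].getName(), files[i].getName());
                }
            }
        } finally {
            // always close the session, even if a transfer fails
            client.disconnect();
        }
    }
}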
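Both the SFTP and the FTPS download loops above use a name taken from the server's directory listing as the local file name. The following added example (not part of edtFTPj/PRO or of the original posts) validates such a name before it is used as a local path; the class name, the method name and the `downloads` directory are assumptions, and the listing entries are constructed.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class LocalNameCheck {
    /**
     * Maps a name from a remote listing to a path directly inside downloadDir,
     * or throws if the name could place the file anywhere else.
     */
    static Path safeLocalPath(Path downloadDir, String remoteName) throws IOException {
        if (remoteName == null || remoteName.isEmpty()
                || remoteName.equals(".") || remoteName.equals("..")
                || remoteName.indexOf('/') >= 0 || remoteName.indexOf('\\') >= 0
                || remoteName.indexOf('\0') >= 0) {
            throw new IOException("rejected remote name: " + remoteName);
        }
        try {
            Path base = downloadDir.toAbsolutePath().normalize();
            Path target = base.resolve(remoteName).normalize();
            // second check: the resolved path must be a direct child of the download directory
            if (!base.equals(target.getParent())) {
                throw new IOException("rejected remote name: " + remoteName);
            }
            return target;
        } catch (InvalidPathException e) {
            // characters the local file system cannot represent
            throw new IOException("rejected remote name: " + remoteName, e);
        }
    }

    public static void main(String[] args) {
        Path dir = Paths.get("downloads"); // hypothetical local download directory
        // Constructed listing entries, including names a misbehaving server might return.
        String[] names = { "report.csv", "../outside.txt", "/tmp/abs.txt", "..", "a\\b.txt" };
        for (String name : names) {
            try {
                System.out.println(name + " -> " + safeLocalPath(dir, name));
            } catch (IOException e) {
                System.out.println(e.getMessage());
            }
        }
    }
}
```

In the loops above, the first argument to `downloadFile` would then be `safeLocalPath(dir, files[i].getName()).toString()` while the second stays the remote name.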

Advanced FTP Scripting

Wednesday, November 26th, 2008

FtpScript is a command-line tool that allows users to execute FTP scripts that employ VB or C# syntax. A secure FTP (FTPS/SFTP) version is available upon request.

The executable may be downloaded from here. It requires .NET framework 2.0 or better. A list of commands may be found here.

Scripts are invoked in the same way as any other console command:

ftpscript getfile.vb

The following simple VBScript-based script connects to a website and lists the files in the root directory:

Connect "ftp.gnu.org", "anonymous", "test@test.com"
Print GetFiles

or to change into a particular directory and download a file:

Connect "ftp.gnu.org", "anonymous", "test@test.com"
ChangeWorkingDirectory "/gnu/bison"
DownloadFile "bison-2.0.tar.gz"

Since the tool supports real programming languages, it’s possible to use advanced constructs such as conditional statements and loops. For example, the following script connects to the same website but then downloads the first file (as opposed to directory) that it finds:

Connect "ftp.gnu.org", "anonymous", "test@test.com"
For Each file in GetFilesInfos
  If Not file.Dir Then
    DownloadFile file.Name
    Exit For
  End If
Next

If the user prefers C# syntax then the above script would look like this:

Connect("ftp.gnu.org", "anonymous", "test@test.com");
foreach (FTPFile file in GetFilesInfos())
  if (!file.Dir)
  {
    DownloadFile(file.Name);
    break;
  }

FtpScript also supports command-line arguments so that variables may be set directly from the command-line as follows:

ftpscript getfile.vb ftp.gnu.org anonymous test@test.com

They are used within the scripts as follows:

Connect $1 $2 $3
For Each file in GetFilesInfos
  If Not file.Dir Then
    DownloadFile file.Name
    Exit For
  End If
Next

$1 gets the first value after the script-file name, $2 the second, and so on.