Disadvantages of some file transfer protocols

Source: Internet
Author: User
Tags: ftp client, ftp protocol

File Transfer Protocol (FTP) has a long history of evolution and is one of the most important applications on the Internet. The author lists some disadvantages of FTP in several areas.

1. The data transmission mode is unreasonable.

Transmitting data in ASCII mode without considering the file content is unreasonable. The file transfer protocol (FTP) should have an automatic detection function. Of course, you can also set the mode yourself.

Although many Linux and Windows clients now support an automatic transmission mode, several generations of UNIX and Windows clients used the ASCII transmission mode by default, which may even cause file corruption.
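
The corruption described above can be reproduced offline. The following is an added example, not code from the original article: it models a Unix client storing an ASCII-mode transfer and includes a hypothetical content-based detection function of the kind the author asks for. The function names, the 5% threshold and the sample payload are assumptions.

```python
import hashlib

# Real PNG file signature: it contains CR LF and a bare LF precisely so that
# line-ending translation in transit breaks it visibly.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Bytes that plausibly belong to plain text (printable ASCII, tab, LF, CR).
_TEXT_BYTES = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def ascii_mode_store_unix(wire):
    """Model a Unix client storing a TYPE A transfer: CRLF becomes LF."""
    return wire.replace(b"\r\n", b"\n")


def pick_transfer_type(sample, max_non_text=0.05):
    """Hypothetical auto-detection: 'A' only if the sample looks like text.

    Binary ('I') is the safe default, since it never rewrites bytes.
    """
    if not sample or b"\x00" in sample:
        return "I"
    non_text = sum(1 for b in sample if b not in _TEXT_BYTES)
    return "A" if non_text / len(sample) <= max_non_text else "I"


def is_intact(original, stored):
    """Compare SHA-256 digests of the source file and the stored copy."""
    return hashlib.sha256(original).digest() == hashlib.sha256(stored).digest()


def demo():
    # Constructed sample: PNG signature followed by every byte value once.
    payload = PNG_SIGNATURE + bytes(range(256))
    stored = ascii_mode_store_unix(payload)
    return {
        "suggested_type": pick_transfer_type(payload[:512]),
        "intact_after_ascii": is_intact(payload, stored),
        "bytes_lost": len(payload) - len(stored),
    }


if __name__ == "__main__":
    print(demo())
```

Comparing a digest of the stored file against one published by the sender is the practical check for this failure, whatever mode the client chose.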

2. Unreasonable design of the working modes

The file transfer protocol (FTP) can work in active mode (PORT) or passive mode (PASV), which determines how the data connection is established.

In active mode, the client first sends its IP address and port number to the server, and then waits for the server to establish a TCP connection. In passive mode, the client first establishes a connection to the server, but the server opens a port (between 1024 and 5000) and waits for the client to transmit data.

The most incredible thing about the file transfer protocol (FTP) is that the client listens for a connection from the server!

3. Poor coordination with firewalls

The file transfer protocol (FTP) was born before Network Address Translation (NAT) and firewalls, at a time when there were no malicious attacks on the network. Today, because of firewalls and the shortage of IPv4 addresses, most end users do not have routable IPv4 addresses.

What does this mean for FTP? This means that if the FTP client's IP address cannot be routed or the client is located behind a firewall, data transmission can only be performed in passive mode.

What if the IP address of the server cannot be routed or the server is located behind a firewall? FTP will not be able to transmit data!

Currently, many firewalls are suitable for NAT environments, and some special techniques (hacks) can be used to allow FTP to work normally behind the firewall. Of course, you need to configure the firewall.
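
The active/passive negotiation and the NAT problem described in sections 2 and 3 are visible in the address that each side advertises on the control connection. The following is an added diagnostic example, not code from the original article: it decodes the `h1,h2,h3,h4,p1,p2` argument of a PORT command or a 227 (PASV) reply and reports when the advertised endpoint cannot be reached by the peer. The function names and all sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
import re

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Ranges that are never reachable from the public Internet.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
)]


def parse_hostport(line):
    """Return (IPv4Address, port) from 'PORT ...' or a '227 ...' reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in: %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2


def data_channel_findings(line, seen_ip):
    """seen_ip: the sender's address as the peer sees it on the control
    connection (after any NAT)."""
    ip, port = parse_hostport(line)
    role = "client" if line.upper().startswith("PORT") else "server"
    findings = []
    if any(ip in net for net in _NON_ROUTABLE):
        findings.append("%s advertises non-routable %s:%d" % (role, ip, port))
    if ip != ipaddress.IPv4Address(seen_ip):
        findings.append("advertised %s differs from control address %s"
                        % (ip, seen_ip))
    return findings


if __name__ == "__main__":
    # Constructed samples: a client behind NAT, then a directly reachable server.
    print(data_channel_findings("PORT 192,168,1,10,19,137", "203.0.113.7"))
    print(data_channel_findings(
        "227 Entering Passive Mode (203,0,113,20,4,1)", "203.0.113.20"))
```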

4. Imperfect password security policies

In the early days of the Internet, the file transfer protocol (FTP) did not address password security. Between the FTP client and server, data is transmitted in plain text. Anyone with control over routing along the communication path can obtain your password and data through sniffing.

Of course, we can use SSL to encapsulate FTP, but FTP transfers data over multiple connections. Even if we protect the password, it is difficult to protect the security of data transmission.

Since the publication of the file transfer protocol (FTP), secure data transmission has made great strides. We recommend using SCP instead of FTP for file transmission.
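
The gap between protecting the password and protecting the data can be checked from a client-side command log. The following is an added example, not code from the original article: it walks the commands a client sent and reports credentials issued before TLS was requested and transfers whose data connection was left in the clear. It assumes explicit FTP over TLS as defined in RFC 4217 (AUTH TLS, PBSZ, PROT), that the server accepted every command, and constructed sample sessions.

```python
# Commands that open a data connection.
DATA_COMMANDS = {"RETR", "STOR", "APPE", "LIST", "NLST"}


def audit_control_channel(client_commands):
    """Return findings for a sequence of FTP commands sent by a client."""
    control_tls = False   # True once AUTH TLS/SSL has been issued
    prot_level = "C"      # RFC 4217 default: data connection is Clear
    findings = []
    for raw in client_commands:
        verb, _, arg = raw.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
            control_tls = True
        elif verb == "PROT":
            prot_level = arg.upper()
        elif verb in ("USER", "PASS") and not control_tls:
            findings.append("%s sent in plain text" % verb)
        elif verb in DATA_COMMANDS and not (control_tls and prot_level == "P"):
            findings.append("%s: data connection not encrypted" % verb)
    return findings


# Constructed sample sessions (not captured from a real server).
PLAIN_SESSION = [
    "USER alice", "PASS example-password", "TYPE I", "PASV",
    "RETR report.pdf", "QUIT",
]
PASSWORD_ONLY_PROTECTED = [
    "AUTH TLS", "USER alice", "PASS example-password", "TYPE I", "PASV",
    "RETR report.pdf", "QUIT",
]
FULLY_PROTECTED = [
    "AUTH TLS", "PBSZ 0", "PROT P", "USER alice", "PASS example-password",
    "TYPE I", "PASV", "RETR report.pdf", "QUIT",
]

if __name__ == "__main__":
    for name, session in (("plain", PLAIN_SESSION),
                          ("password only", PASSWORD_ONLY_PROTECTED),
                          ("control and data", FULLY_PROTECTED)):
        print(name, audit_control_channel(session))
```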

5. Low efficiency of the FTP protocol

Retrieving a file from an FTP server involves a complex sequence of handshake steps:

● The client establishes a TCP socket connection to the control port of the FTP server and waits for the TCP handshake to complete.

● The client waits for the server to send its greeting.

● The client sends the user name to the server and waits for a response.

● The client sends a password to the server and waits for a response.

● The client sends the SYST command to the server and waits for a response.

● The client sends the TYPE I command to the server and waits for a response.

● If the directory on the server side needs to be switched, the client sends another command and waits for the response.

● In active mode, the client needs to send the PORT command to the server and wait for a response (in passive mode the roles are reversed).

● A data connection is established (a TCP socket connection, which requires a three-way handshake).

● The data is transmitted over the data connection.

● The client waits for the server to send a 2xx reply on the control connection, confirming that the data transfer succeeded.

● The client sends the QUIT command and waits for the server to respond.

For the same task, let's look at the HTTP protocol:

● The HTTP client establishes a TCP socket connection to the HTTP server.

● The HTTP client sends the GET command to the HTTP server, including the URL, HTTP protocol version, and virtual host name, and waits for a response.

● The HTTP server response contains all the desired data!

To transfer one file, FTP needs 10 round trips, while HTTP needs only 2! If multiple files are transmitted, FTP can omit the steps for sending the user name and password, while HTTP can reuse the socket and transmit the files over the same TCP connection.

To sum up, although the file transfer protocol (FTP) was once prominent, it is now outdated. It is neither secure nor friendly, it is inefficient, and it is bound to be replaced.
