How dangerous is it to transfer files to webserver via regular FTP?

Started by amitkedia, Jul 22, 2022, 02:15 AM

Previous topic - Next topic

amitkediaTopic starter

Lately, my only means of accessing the server is through "regular FTP" as stated by Filezilla.
The hosting support team iterated that testing work without encryption is not safe and it is advisable to use a temporary password.

Donna D. Phillips

There's no need to worry if your computer is not infected with harmful programs like hookers or loggers. In case of a static IP, restricting FTP access solely to it will ensure safety.
To be completely sure that the website is alright, either change the password or set a strong one from the beginning and not bother about it again.


In the case of an encrypted connection, the traffic can be intercepted in the same way, but it will not be possible to view it, since it is almost impossible to decrypt the raw "leaked" data.

As for the password - just set a strong, convenient password once and never worry about it again.


Classic FTP has two more secure implementations - FTPS (FTP+SSL) and SFTP (SSH File Transfer Protocol). However, they are considered implementations only conditionally as they use distinct technological solutions.

FTPS encrypts the connection using the SSL cryptographic protocol (or TLS based on it). SSL issues a certificate that verifies the source and client for receiving data. We encounter SSL daily as it is denoted by a lock in the URL bar for secure sites. FTPS uses identical commands as FTP, but with encryption. It is impossible for a third party to intercept or substitute traffic, only track the connection parameters and traffic volume estimation. Even though it has its benefits, not all FTP servers can support SSL.

SFTP is based on SSH (Secure Shell), which encrypts both commands and data. It uses only one port by default, which is simpler to safeguard than classical implementation's multiple ports.

SFTP is more flexible concerning security since it supports more ciphers than FTPS. Additionally, SFTP uses only one stream compared to FTPS, which uses at least two (the control and data streams). Therefore, FTPS may be faster than SFTP. Currently, FTPS is used only where there's no SSH support (and hence no SFTP). To work conveniently with these protocols, file clients like SSHFS for network drive connection via SFTP have been created.