FTPS in Applications
FTP may indicate either a method for sending files or the program that performs the actual sending. The protocol itself is one of the oldest means of sending and accessing files on the Internet, and you must still access an FTP server to upload files to, or download files from, a website. This is especially helpful for webmasters who do not use a content management system (CMS).
The majority of web hosts will allow for FTP access – which is generally over secure FTPS access. It is very rare to find a host which does not support it – unless they are using a different but similar technology like WebDAV or Secure Shell (SSH) Protocol.
It’s important to note that FTPS has nothing to do with the completely different file transfer system, the SSH File Transfer Protocol (SFTP). Several companies offer free and commercial versions of secure FTP clients, which you can install locally and use to transfer files.
The most popular clients include FileZilla, Transmit, and CyberDuck. FTP can also be accessed directly through Windows file explorer if setup correctly. Files can often be dragged and dropped from the FTP client into a folder – and vice versa.
It is common practice to edit files on a local hard drive, and then push updated HTML or content onto the web server over FTP.
What’s the difference between Anonymous FTP and FTPS?
Anonymous FTP is a file transfer protocol system that allows users to download files via regular FTP access without the need for a secure username and password. With this system, every single user will have an FTP account and sign-in access to your site. With today’s high volume websites and wide variety of security concerns, anonymous FTP is not a very practical application for file transfers.
By comparison, FTPS is almost the exact opposite of Anonymous FTP. FTPS is a security extension to File Transfer Protocol, and it guards against tampering when data is sent over a public network. Almost all website hosting providers allow some type of FTP access to their customers – most don’t offer Anonymous FTP today, but FTPS is also not always the required method of file transfer, either. Consult with your hosting provider before you begin uploading and downloading files via FTP if you are unsure what access users have to your server.
FTPS and FTP are so old – are they still important?
Roads and bridges are a very old concept, but we still use them. Throughout the previous century, humanity learned how to create asphalt, manage steel enforced beams – and generally made bridges safer.
They also made bridges less prone to collapse, and put jersey barriers into freeways to make them safer. This anology applies to the information super-highway just as easily – file transfer protocol has existed longer than a graphical interface operating system. Yet, the core network concepts hav
Is FTPS the only way to send files securely?
No, there are many options available, but each one depends entirely on the operating system available, and/or the type of server being run by your web host. FTP works across multiple operating systems with relative ease.
WebDAV is mostly Microsoft focused, SSH File Transfer Protocol (SFTP) – uses SSH – which is built natively into Linux, but requires special configuration to run on Windows. Alternatively, AtomPub and CMIS offer similar functionality but generally need a higher amount of configuration – and are used for deep infrastructure.
Who uses SFTP?
Anyone! Almost all web hosts have FTP, and many allow for secure transfers. Be sure to ask your provider if TLS/SSL is part of the hosting plan. Most modern hosts should say yes.
Other features in Server Administration
FTPS Frequently Asked Questions
Is FTPS the same thing as File Transfer Protocol (FTP)?
The name is similar, but the idea is different. FTPS is a security extension to FTP. It is used as a security measure to protect against tampering when information is transmitted via the internet.
How simple is it to implement FTPS via my hosting plan?
It depends on the hosting company you are using. While some allow for FTPS access, others prohibit this.
You may still have access to FTP, but not the additional security extension. If this is important to you, it is a must to verify this feature with your hosting company before signing up.
Is FTPS really necessary?
There is no right or wrong answer to this question, but here is what you need to know: this was developed to make it safer to transfer information via the internet.
It is not necessary, as some hosting companies do not offer support, but, there is no denying the benefits of it from a security point of view.
What are the other names for FTPS?
You may not be familiar with FTPS, but could have come across one of its other names at some point. It is also known as FTP over SSL (Secure Sockets Layer). Other terms include FTPES, FTP over TLS, FTP/SSL, and FTP Secure.
Are there ways to take advantage of FTPS if not offered by a hosting company?
The easiest way to benefit from FTPS is to find a hosting provider that allows FTPS access.
If this is not possible, there are third party companies to consider. It adds another step to the process, but clients such as FileZilla and CyberDuck are commonly used.
Is SFTP the same thing as FTPS?
While similar in some ways, SFTP and FTPS are not the same. These are the most commonly used protocols for secure FTP transfers, but are not identical.
What is the difference between explicit and implicit FTPS?
Also known as FTPES, the name “explicit” says it all. It means that the client must explicitly request security from an FTPS server.
Implicit FTPS is different in the way that negotiation is not permitted. A client must challenge the server with a ClientHello message. If this is not received by the FTPS server, the connection is immediately dropped.
Are FTPS servers required to provide a public key certificate?
Yes. These can be created through the use of tools, including but not limited OpenSSL.
What are the reasons why many people ditch FTP for the use of FTPS?
There is no requirement to transmit data via FTPS, but there are many reasons to make the change from plain FTP. Above all else, passwords and data are un-encrypted with FTP.
Along with this, FTP servers are often times attacked through “back doors.” When this happens, it is possible for an attack to go unrecognized for an extended period of time.
Are there any situations in which it is okay to ignore FTPS, instead opting for plain FTP?
When it comes to online security, most people believe in the idea that “it is better to be safe than sorry.”
There are times when FTP is enough, such as when everything on the server is set to be shared. Furthermore, this could make sense if no networking port or firewall is necessary.
What do users consider the top benefits of FTPS?
The primary benefit is the security, but others include: used by millions, communication that can be read by humans, server to server file transfers, and support that is offered by many communication frameworks.
Are there any drawbacks of using FTPS?
Just the same as any security extension or application, you must be aware of both the pros and cons.
In an overall sense, FTPS is capable of handling the secure transmission of data. There are drawbacks to be aware of, which can include: lack of a uniform directory listing format, some FTP servers do not support SSL/TLS, and it requires a secondary DATA channel.
For some, these drawbacks are enough to scare them away from FTPS and toward another option. Others realize that despite the perceived drawbacks that this is still the best way to safely and securely transmit data via the internet.
What are some of the top hosting companies offering FTPS access?
It is good to check on FTPS access with any host you are considering, but some of the best include: Site5, DreamHost, A Small Orange, DailyRazor, HostDeal, 1 & 1, and BlueFur.
Is FTPS access the same from one hosting company to the next?
There may be some slight differences as you change from one hosting company to another, but the basics of FTPS access remain the same. In its simplest form, this is always a security extension.
About Tom Riecken
Tom has worked as a web developer and data analyst. He is involved with several global and local "futurist" organizations, where he often facilitates discussions about the social impact of technology. His strongest recreational interests include spaceflight, astronomy, and realistic science fiction. He lives in Washington.