Last updated: January 24, 2020
File Transfer Protocol (FTP): Why This Old Protocol Still Matters
Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on this page. Learn more
FTP, or File Transfer Protocol, is one of the standard internet protocols used to transfer data files between a client and a server over a computer network.
It was developed in the early 1970s by Abhay Bhushan while he was a student at MIT. FTP was initially created to allow for the secure transfer of files between servers and host computers over the ARPANET Network Control Program (a precursor to the modern internet).
Over the years FTP has continued to evolve, going through numerous revisions in response to the growth of the internet and the rise of the personal home computer. Today, due to growing concerns over security, FTP is being supported (if not entirely supplanted) by SFTP and FTPS.
That being said, the original file transfer protocol remains one of the fundamental building blocks of computer networking and the modern internet.
FTP: An Overview
At its most basic, the FTP protocol allows for the transfer of data and files between two computers over an internet connection.
The first computer is designated as the “server,” and acts as a storehouse for files and data. The second computer, otherwise known as the “client,” can send files to, or request data from, that server using the FTP protocol.
Initial contact is made over an open port (typically port 21), establishing what is commonly referred to as the “control connection” or “command channel.”
Before initiating any transfer of data, the client first identifies itself to the server. In most cases the authentication process is made using the client’s username and password.
When the authentication process is complete, the server and client will negotiate the opening of a new common port. This is the “data” connection through which the files will be transferred.
The original control connection will remain open and idle until the file has been successfully transferred, or the connection itself is severed.
The FTP protocol predates the modern internet. At the time of its development security was not the issue that it is today, and there are some inherent weaknesses within the basic FTP model.
First, and perhaps foremost, is the transparency of the data and command connections themselves. Neither of these channels is encrypted, leaving them vulnerable to man-in-the-middle attacks.
Moreover, in most cases the data itself is transmitted in plain text, making it easy for a third-party interloper to access sensitive data or steal a client’s user credentials.
The growing need for enhanced data security over the internet has led to basic FTP being augmented, and in some instances replaced, by alternative file transfer protocols such as FTPS and SFTP.
FTPS is a secure variant of the basic FTP protocol, and was created to counter the growing concern over internet security. FTPS relies on the same basic methodology of the older FTP protocol, but adds SSL encryption as a security measure to protect data as it is being transferred between client and server.
In brief, before a client sends its user credentials to the server it requests that an SSL encrypted connection be established for the command channel. Once the SSL encrypted channel is established, the client sends its credentials, authentication is accomplished, and the file transfer can commence.
Throughout the transfer of data the connection between the server and the client remains encrypted. Any attempt by a client to connect to a server without using SSL is denied by the server, and the connection is terminated.
While FTPS is undoubtedly a more secure alternative to basic FTP, and remains widely in use, some industry insiders argue that it, too, is quickly becoming obsolete and are pushing for a move to SFTP.
SFTP is a more recent development in file transfer protocols, and departs from the basic FTP and FTPS models in many respects.
While SFTP still relies on a secure connection to enable file and data transfers between clients and servers, that connection is secured by Secure Shell (SSH) protocols. File transfers are handled in-line over the secured control connection, eliminating the need to open any other ports or channels to complete the data transfer.
Moreover, unlike FTP and FTPS, the SFTP protocol is packet-based as opposed to text-based. This makes file and data transfers using the SFTP protocol much faster, and allows for the transfer of more detailed and robust files.
Finally, the use of SSH protocols makes SFTP inherently more secure as the encryption filters can not be bypassed or turned off using AUTH commands as is common with FTP and FTPS protocols.
FTP, FTPS, and SFTP protocols are essential tools that allow webmasters to transfer files to and from their managed websites. Webmasters can employ an FTP client to facilitate the uploading and downloading of files between their computer and their web-hosting servers.
Some of the more popular, and reliable, FTP Clients currently operating in the industry include:
- FileZilla: a free FTP/FTPS/SFTP solution using open source software to provide a user-friendly experience. In addition to basic file transfer services FileZilla provides tutorials and white papers for their customers.
- WinSCP: a free, open source, FTP and SFTP client built especially for Windows users. In addition to supporting file transfers between local and remote computers, WinSCP provides basic scripting and file managing functions for its users.
- Cyberduck: an open source free FTP client for both Mac and Windows users. Cyberduck supports FTP, FTPS, and SFTP protocols.
- gFTP: designed specifically for use with Linux based operating systems, gFTP is a free and open source FTP client that supports FTP, FTPS, HTTPS, and SSH file protocols.
FTP, along with its variants and alternatives, is a fundamental part of the structure of computer networks and the modern internet. The history, development, and practical use of file transfer protocols involves more than can be contained in this brief overview.
So we’ve put together a list of resources to learn more.
The following online sources should provide greater insight into FTP, FTPS, and SFTP.
- FTP for Beginners: Webmonkey’s online tutorial offers an accessible overview of the basic FTP protocol, with an emphasis on practical applications for Windows, Mac, and Linux users.
- Tutorial: FTP Made Simple: from the UC Berkeley Graduate School of Journalism comes an advanced introduction and overview of the basic FTP protocol, with an emphasis on real world applications.
- An Introduction to FTP (PDF): written by Conrad Chung this article provides a basic introduction to file transfer protocols, including their history and development. Special attention is given to connection and transfer modes, as well as the basic types of encryption.
- Peeling the Onion: FTP ? A Tutorial: Produced by Software Diversified Services, this video tutorial provides an in depth look at secure file transfer with an emphasis on SFTP, FTPS, and SSH protocols.
For further information on file transfer protocols, their history, and applications, the following books should prove useful to both novice and experienced programmers and webmasters.
Because file transfer is such an integral part of web management and computer networking, many of the following publications only cover FTP as part of a larger purview.
- Web Hosting for Dummies by Peter Pollock: available in both print and digital editions, this book provides a substantial introduction to web hosting for beginners. Topics covered include choosing a hosting platform, using built-in databases, and working with FTP clients.
- The Big Book of Internet File Transfer RFCs by Peter Loshin: this study is an in-depth look at FTP, with an emphasis on the mechanics of file transfer and the rules governing the successful application of file transfer protocols. Special attention is given to security issues relating to file transfer and the modern internet. The book is available in both print and digital editions.
- All About Internet FTP Plus: Learning and Teaching to Transfer Files on the Internet by David F W Robinson: this is a more scholarly approach to the subject of file transfer protocols, and is aimed more at experienced programmers and educators.
- FTP Fundamentals by A Waleed: this short ebook provides a very basic overview of file transfer protocols and how they relate to web hosting. Experienced programmers and webmasters may find the book inconsequential, but it should prove helpful to internet novices.
File Transfer Protocol is now more than 40 years old. While it may not seem as revolutionary as it did when Abhay Bhushan first published his work in 1971, it nonetheless remains fundamental to computer networking and the internet as we now know it.
True, growing concerns over security have forced the development of new and improved file transfer protocols, with FTPS and SFTP leading the pack. But FTP laid the groundwork, and continues to operate quietly in the background of the most visiting websites on the internet.
Further Reading and Resources
We have more guides, tutorials, and infographics related to system administration:
- Understanding FTP File Permissions in Linux : maintain control of who has access to your your files with chmod.
- Linux Programming Introduction and Resources: this deep dive into Linux programming gets down into the kernel where all the action is.
- Network Programming with Internet Sockets: learn all about networking on the internet.
The Ultimate List of Webmaster Tools A-Z
There is a lot more to system administration. The Ultimate List of Webmaster Tools A-Z will provide you with a lot of help in doing your work.