From owner-freebsd-security Wed Jun 13 8:14:16 2001 Delivered-To: freebsd-security@freebsd.org Received: from diarmadhi.mushhaven.net (diarmadhi.mushhaven.net [209.16.107.11]) by hub.freebsd.org (Postfix) with ESMTP id CF4E037B414 for ; Wed, 13 Jun 2001 08:13:58 -0700 (PDT) (envelope-from mistwolf@diarmadhi.mushhaven.net) Received: (from mistwolf@localhost) by diarmadhi.mushhaven.net (8.11.4/8.11.4) id f5DFEL600924 for freebsd-security@FreeBSD.ORG; Wed, 13 Jun 2001 11:14:21 -0400 (EDT) (envelope-from mistwolf) Date: Wed, 13 Jun 2001 11:14:21 -0400 From: Jamie Norwood To: freebsd-security@FreeBSD.ORG Subject: Re: OT: FTP almost gone now? (was: Re: IPFW almost works now.) Message-ID: <20010613111421.A777@mushhaven.net> References: <200106131442.f5DEgNB10141@cwsys.cwsent.com> <3B278030.3020305@lmc.ericsson.se> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3B278030.3020305@lmc.ericsson.se>; from Antoine.Beaupre@ericsson.ca on Wed, Jun 13, 2001 at 11:01:04AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Jun 13, 2001 at 11:01:04AM -0400, Antoine Beaupre (LMC) wrote: > Cy Schubert - ITSD Open Systems Group wrote: > > On virtually every mailing list I'm on I've been advocating the > > deprecation of FTP, only to get flamed by advocates of FTP. The reason > > FTP is still used is because people want to use it. Until the majority > > can be educated (convinced) it will continue to be used. Code (CGI > > scripts, etc.) to perform uploads would be the start of the demise of > > FTP. My main issue is that noone has yet given me a good reason WHY FTP should be depreciated. All I keep hearing is most people saying 'Because HTTP is better, though it needs to be fixed to do what FTP does', and a few feeble cries of 'It's more secure to just have one service doing both, and since Apache is more secure than FTP (Assuming, of course, you use it in stock form and don't turn anything special on!), we should drop FTP!'. Noone has addressed my concerns at all, and seem to mostly ignore them. Just to be inflamatory about it, it is a common tactic when people are presented with an argument they don't know how to counter, to just ignore it. My main concern is the facts that, first off, HTTP doesn't, in most of it's current incarnations (Both client, and server), have an easy and sane way to handle uploading files, securely or otherwise. My secondary concern is ease of use. FTP is extremely easy to use, and powerful at the same time. It has many well-written text-based applications for it's use. HTTP has Lynx and Links, neither of which is adequet. Both rely on having high-quality terminal emulation with no quirks, a rare thing. I can pull up 'ftp' on any client, anywhere, and not have to worry that curses/ncurses/xterm/whatever will not like some of it's code. I've yet to see Lynx not look bad, and Links isn't much better. Tertiarily, there is the concept of statefulness. HTTP is stateless, which is well and good for people behind firewalls and such, but FTP is stateful. This allows us to be MUCH more interactive with the server. HTTP is nice, for what it does. It is a good 'Hyper Text Tansfer Protocol'. And FTP is a good 'File Transfer Protocol'. Yes, HTTP can transfer files, but it is not a suitable replacement for FTP. And I have, again, not heard anyone who is advocating ditching FTP give any realistic and practical reason why FTP is so evil. FTP does what it does very well, and should be allowed to continue to do so. Jamie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message