Our Authored Series space this time features Praveen Umanath, Product Head at BigRock. He’s the one who gives BigRock it’s face, making sure that it’s a smooth running, well-oiled machine sans errors. Read on to know his views on why BigRock uses FTPS instead of Plain FTP.
Why doesn’t BigRock support Plain FTP? If I had a rupee for every time I have been asked that question, I would be a rich man!
First off, before we get into the why, let me cover briefly the uses of FTP and the different FTP methods, or “protocols” that are used today.
FTP (File Transfer Protocol) was invented to facilitate the transfer of files between a client (you) and a server (your hosting package). Thus, whenever you need to upload content to your website/hosting package, you will need to use some form of FTP. You can also download files via FTP. Let us now go over the different ways in which an FTP connection can be made.
Plain FTP – The most common method is through what we call a “Plain” FTP connection. While this method is often the default, it has one major drawback. Since a plain FTP connection is un-encrypted, all communication and data is sent as plain text. Hence, a malicious user can “sniff” out your username and password, and easily hijack your connection. Armed with this information, a malicious user can easily deface your website and steal sensitive information about your business.
FTPS – In order to counter the threat outlined below, a secure and encrypted FTP connection can be used. This is commonly called FTP over SSL (FTPS) or FTP over Explicit TLS (FTPES). In this form of FTP, all communication and data are encrypted, making it very difficult, if not impossible, for a malicious user to hijack your FTP connection. This is the method that BigRock supports.
SFTP – SFTP, or Secure FTP, is actually not a FTP protocol, but is often categorized as a form of FTP. SFTP actually uses SSH (Secure Shell) to allow for the transfer of files. It is NOT FTP over SSH, but a protocol designed from the ground up around SSH to allow secure transfer of files. BigRock is working hard to add support for this protocol, so customers will soon have another way to securely transfer files to and from their hosting packages.
In summary, we at BigRock feel that only allowing FTPS (and soon SFTP) is in the best interests of you, our customer. Do you have any qualms or suggestions on this? Let us know your thoughts in the comments section below 🙂