Re: [fw-wiz] OT: FTP Servers

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 06/07/03

  • Next message: Marcus J. Ranum: "RE: [fw-wiz] OT: FTP Servers"
    To: Paul Robertson <proberts@patriot.net>, John Smith <john.smith@minolta-qms.com>
    Date: Fri, 06 Jun 2003 19:23:52 -0400
    

    Paul Robertson wrote:
    >_Try_ *really* hard to use an HTTP server, FTP is a horrible protocol.

    Paul is absolutely correct. FTP is an evil, bad, nasty, P.O.S. protocol. If
    an intern at Microsoft tried to come up with a file transfer protocol they
    could hardly do as bad a job.

    Here's a completely BOGUS argument you can use for why you should
    not use FTP on a busy web server: because FTP uses a control channel
    and a data channel, it uses 2 sockets for every connection. That's a
    big <cough><choke> performance drain on a busy server.

    ...I've actually said that with a straight face and had people decide to
    use http instead, so what the heck.. ;)

    mjr.

    ---
    Marcus J. Ranum				http://www.ranum.com
    Computer and Communications Security	mjr@ranum.com
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Marcus J. Ranum: "RE: [fw-wiz] OT: FTP Servers"

    Relevant Pages

    • Re: [SLE] ftp and ftp-data
      ... I think that active FTP is a stupid protocol in general ... >> terribly good protocol, esp. ... separate data and control channel (telnet's used on the control ... the server opening up new connections when I've already got a ...
      (SuSE)
    • Re: Ive thought better of Linux
      ... OTOH the ftp spec is a royal PITA. ... >> The FTP protocol specification does seem overly complex in today's ... Yes, that is a royal pain, but in context, the firewall and security ...
      (comp.lang.lisp)
    • RE: Winnt/Win2k Vuln ?
      ... specifying the underlying protocol, ... expect file system requests to be carried over the web. ... And you should need a separate client for FTP. ... A web BROWSER, also by definition, BROWSES the web. ...
      (Vuln-Dev)
    • Re: Does OpenSSH use RCP?
      ... It's not "if I want to", it's rtfrfc: show me separate protocol ... I didn't say FTP was ugly, I said lack of another layer between ... >> One connection - one application model doesn't work, ... Same as FTP: multiple connections per session. ...
      (comp.security.unix)
    • Re: Ive thought better of Linux
      ... >>> The FTP protocol specification does seem overly complex in today's ... >> We don't allow telnet, ftp or any of the r* tools to traverse the ... However, many of the windows ...
      (comp.lang.lisp)