FTP with SSL/TLS in Dolphin
Kevin Krammer
krammer at kde.org
Mon Jan 30 11:06:41 GMT 2017
On Monday, 2017-01-30, 08:26:10, solitone wrote:
> On Monday, January 30, 2017 7:58:10 AM CET Volker Wysk wrote:
> > Am Montag, 30. Januar 2017, 06:42:08 CET schrieb solitone:
> > > Hi, is there a reason why FTP with SSL/TSL (ftps://) has not been
> > > implemented in Dolphin?
> >
> > Shouldn't that bee "sftp://"?
>
> No, that is FTP over SSH, not FTP with SSL/TLS.
Actually that is SFTP, a different protocol, but of course you are right that
it is not FTPS.
Regarding your original question my guess would be that SFTP is just better
and easier to implement because it is newer and specifically addressing the
single secure connection model.
FTP is a very old and weird protocol, basically requiring two connections, one
from the client to the server (control) and one from the server to the client
(data).
There have been extensions to have the client open both connections as reverse
connections are usually blocked by firewalls, but there are still two of them.
SSL can only secure individual connections, so the data on each connection is
secure but there is no safe way to related those two connections to each
other, opening up possibilities for timing related attacks, etc.
Are you working with a specific host that can't do SFTP or SSH at all?
Cheers,
Kevin
--
Kevin Krammer, KDE developer, xdg-utils developer
KDE user support, developer mentoring
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde/attachments/20170130/2c9ea7dd/attachment.sig>
More information about the kde
mailing list