w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
Web hosting providers support full FTP access, but is it secure?

If you can passively sniff the traffic you see username and password used by the FTP user in clear, unless the client uses FTPS. This is about the security you get with plain telnet (instead of SSH) or authorized access to mail servers which are not protected by TLS (most providers now offer TLS).

Once you have the credentials you can compromise the account. This is not only deleting the data (i.e. denial of service), but grab any sensitive data, manipulate data to spread false information etc. If the credentials are also usable for SSH an attacker can log into the system as an unprivileged user and from there it is often not far away to a whole system compromise. Also, the same credentials are often used to access the users email so you can compromise this too.

Which means, yes, it is completely insecure.

Apart from that, don't mix up FTPS and SFTP. FTPS is the FTP protocol with TLS extended, while SFTP is file transfer over SSH. Some clients like FileZilla support both and if you have the choice prefer SFTP because it is much less hassle with firewalls.





© Copyright 2018 w3hello.com Publishing Limited. All rights reserved.