SFTP Securely Shares Files ...
... without needing a whole monster product using SQL databases and such. Let's reduce the attack surface, natch?
Security researchers and the US government have sounded the alarm on a flaw in Progress Software's MOVEit Transfer that criminals have been "mass exploiting" for at least a month to break into IT environments and steal data. Progress disclosed some info about the SQL-injection vulnerability in its multi-tool file-transfer …
SFTP requires a client, MOVEit Transfer doesn't. SFTP also doesn't provide an audit trail and a lot of other features that are needed and useful so that non-techies can administer it. You could add them in and, oh, you now have MOVEit Transfer. It also works on ports 80 and 443; sadly, those are the ports that were exploited.
It's a lot more than a file transfer program. I like it and until now it's been good. We'll patch and see how it goes.
Yep, I'm sure MOVEit is great, but look where that convenience has got you now.
SFTP is just a protocol, you can dress it up in any costume you want. I've coded SFTP executions using industry-grade libraries for the last 10 years. I always put full logging, dump out all the metadata into JSON and I even add a web interface for anyone to inspect the transfer logs. You can run SFTP over any port you like, it doesn't have to be port 22, move it to a port of your choice. Same with SSH, that doesn't have to be port 22, and to be honest you're best off moving it as it's the first port the scum will attack after they do you on 80 and 443. Where I am we use SFTP to move about half a million files a week between dozens of hosts, it's a very robust protocol.
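On the audit-trail point argued in this thread, the following is an added example, not code from any commenter: it turns the transaction lines that OpenSSH's sftp-server writes to syslog (its `-l INFO` or `-l VERBOSE` option) into JSON transfer records. The host, users, addresses and paths in the sample log are constructed, and the function name is hypothetical.

```python
import json
import re

# Constructed sample of sftp-server syslog output (all values are made up).
SAMPLE_LOG = """\
Jun  5 10:00:01 xfer1 internal-sftp[4242]: session opened for local user alice from [192.0.2.10]
Jun  5 10:00:02 xfer1 internal-sftp[4242]: open "/upload/payroll.csv" flags WRITE,CREATE,TRUNCATE mode 0644
Jun  5 10:00:03 xfer1 internal-sftp[4242]: close "/upload/payroll.csv" bytes read 0 written 18432
Jun  5 10:00:04 xfer1 internal-sftp[4243]: session opened for local user bob from [198.51.100.7]
Jun  5 10:00:05 xfer1 internal-sftp[4243]: open "/outbox/report.pdf" flags READ mode 0666
Jun  5 10:00:06 xfer1 internal-sftp[4243]: close "/outbox/report.pdf" bytes read 52100 written 0
Jun  5 10:00:07 xfer1 internal-sftp[4242]: session closed for local user alice from [192.0.2.10]
"""

LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) '
                  r'(?:internal-sftp|sftp-server)\[(?P<pid>\d+)\]: (?P<msg>.*)$')
OPENED = re.compile(r'^session opened for local user (\S+) from \[([^\]]+)\]')
CLOSED = re.compile(r'^session closed for local user')
CLOSE = re.compile(r'^close "(.*)" bytes read (\d+) written (\d+)$')

def audit_records(log_text):
    """Return one dict per completed file transfer, attributed to a user."""
    sessions = {}  # pid -> (user, client address), from "session opened"
    records = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sftp-server line
        pid, msg = m["pid"], m["msg"]
        if (s := OPENED.match(msg)):
            sessions[pid] = (s[1], s[2])
        elif CLOSED.match(msg):
            sessions.pop(pid, None)
        elif (c := CLOSE.match(msg)):
            # A file close carries the byte counts; join it to its session.
            user, client = sessions.get(pid, ("unknown", "unknown"))
            read, written = int(c[2]), int(c[3])
            records.append({
                "time": m["ts"], "host": m["host"], "user": user,
                "client": client, "path": c[1],
                "bytes_read": read, "bytes_written": written,
                "direction": "upload" if written else "download",
            })
    return records

if __name__ == "__main__":
    for rec in audit_records(SAMPLE_LOG):
        print(json.dumps(rec))
```
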