Firefox to burn FTP out of its browser, starting slowly in version 77 due in April

Re: "FTP is an insecure protocol and there are no reasons to prefer it over HTTPS"

So its just an operationally difficult to manage, dual port connection protocol, that on some platforms uses an extremely wide number of random ports and if you look at available comments, even without shell, can do nice amount of reconnaissance on the target file system. Add to this even file transfers themselves are not assured delivery unless your tool of choice adds this on.. putting an S on it does not change any of these aspects.

Addressing this as just an "insecure" protocol substantially under-represents its deficiencies, and there are alternatives …

Re: "FTP is an insecure protocol and there are no reasons to prefer it over HTTPS"

"One reason to prefer it over HTTP is that is much easier to manage remote files with FTP than with HTTP - and WebDAV is not exactly a solution - plus not every machine and his e-dog runs a web server."

It has never been easy to manage remote files through any browser. Some allowed you to drag and drop files up over ftp but most were one-way, download only. And no renaming, deleting etc.

And despite its name sftp is a new protocol over a SSH transport layer with remote management functionality. You can't just slap some TLS on the existing ftp protocol to implement it - it is a substantial thing to implement in its own right.

If you want to manage a remote server you should be using a dedicated client. Either the console or something like Filezilla which supports ftp, sftp and scp. Chances are that anyone doing stuff over ftp was already doing that to begin with.

Re: "FTP is an insecure protocol and there are no reasons to prefer it over HTTPS"

A question occurs, is how often do people actually use FTP over other protocols/methods of downloading files? I haven't used FTP knowingly in years and even then usually used a FTP client not a browser. When I have checked my downloads it has been HTTPS for the last several years. So is this a case of Mozilla noticing FTP is used so sparingly that trying to maintain a problematic feature is a waste of time as there are alternatives for the few who actually use FTP.

Re: "FTP is an insecure protocol and there are no reasons to prefer it over HTTPS"

"Sure, FTP is as much insecure as HTTP. So add an S to it to just you did to HTTP and it becomes as secure as well."

You say that - but do you mean SFTP or FTPS? Two very different things.

Re: "FTP is an insecure protocol and there are no reasons to prefer it over HTTPS"

Bolting GOOD encryption, integrity and authentication onto FTP is extremely difficult due to the design of the protocol. You have multiple channels, multiple modes, bidirectional connection establishment, and so much more.

Why would anybody put the effort into bolting, when SFTP and HTTPS both exist, and both can do the same job, if desired.

Re: "FTP is an insecure protocol..."

The clue is in the http://. Presumably somebody couldn't be bothered to change the subdomain name.

Re: Does that mean that hosted servers are not going to use FTP anymore ?

FTP in browsers is download only.

This doesn't stop a website from generating a directory listing of files allowing them to be downloaded using the browser (non-FTP) or applying whatever management functions they want to these files, including uploading new or updated files.

FTPS already exists, as does SFTP. I suspect that LDS was suggesting that rather calling the protocol insecure, compared to HTTP, they could just support secure FTP.

Re: Does that mean that hosted servers are not going to use FTP anymore ?

It's already being done - FTPS already exists.

However, if you are using an upload/download "file-manager" type FTP client, I'd suggest switching to an SFTP client instead of FTPS. The front ends are basically the same, but use sftp underneath. (If your servers ssh doesn't have sftp-server then most clients can emulate it to some extend using scp under the hood, but you shouldn't have that issue)

EDIT: Nick got in there before me!

Re: Does that mean that hosted servers are not going to use FTP anymore ?

SFTP, FTPS, FTP over SSH, SCP. It's a mess but there are options. SFTP seems to be the most common secure mechanism because it runs over port 22 and is handled by the SSH server.

Filezilla would be the most common UI client for doing this although its not the only one. I use it to upload files to a GoDaddy hosted server this way.

Re: Because of MS we are still stuck in the 70's

Replying to my self, well yes i have sunk this low beacause YOU and the ftp protocol sucks the biggest ass!!

How the fuck can i get so many downvotes disliking ftp! the only reason i can think of is pure ignorance! Do you novice scum not know that ftp is an ancient piece of shit? have you ever been tasked of getting that pile of crap through your firewall?

I suspect you are the "click thø pwetty pitures!" kind of ftp users, MORONS!

Re: TFTFY

Except that, as browsers go, there isn't much reason to use FTP from a browser but there are a few reasons for HTTP. FTP can only do downloads from a browser, unless the browser has implemented a client for you, but a standard FTP client can better handle the protocol and offer all the options of that protocol to you. HTTP doesn't do uploads or directory management on its own and is mainly useful for web servers. FTP is unneeded for downloads but can potentially be useful for uploads (and if you're using it for uploads, it can provide some downloads while you're at it). HTTP is needed for downloads of webpages from things like routers which will likely not secure their internal pages (and if they do they'll use a self-signed certificate because there's potential that you can access that page but cannot access the internet). I don't think the protocols are similarly worrisome.

Real Beardies

The REAL Beardies do their command line stuff in hex--on the fly.

Of course we use a 2400baud terminal, if we’re in a hurry. No sense things happening fast; what you need is for one command to run for the time it takes to get to the pub and back.