Published on 14 Apr 2020
Let’s start with a fun fact: FTP has been around for nearly 50 years – and because of that, there are lots of flavors and variations of the protocol. There’s plain old FTP – File Transfer Protocol – but there’s also FTPS, FTP-SSL, and SFTP. Many people ask: How do they differ?
At a basic level, FTP is a protocol that has one server and many clients that connect to the server in order to transfer files from one system to another. The client(s) then log into the server to execute commands. Commands allow you to move around the file tree, download files, upload files, move directories, delete, and much more. In the early days of the ARPAnet / Internet, this was revolutionary because you could take files and move them over great physical distances – even large files. FTP is not complicated, but it’s exceedingly powerful and has stood the test of time.
The first FTP client applications were command-line programs developed before computers had graphical user interfaces. Such applications are still shipped with Windows, Linux, and Unix-based operating systems today.
FTP helps send files by transmitting information quickly and reliably so you can transfer large files online. File transfer protocol is commonly used for transferring large files between a client and a server. You can use FTP to exchange files between computer accounts, transfer files between an account and a desktop computer or access files in online storage.
As great as FTP was at the time, it lacked security measures to encrypt usernames and passwords or other data going across the protocol. Thus FTPS and SFTP were made to build security measures directly into the protocol.
Decades later, we have services like Dropbox or Box that use their own protocols to move files around on the internet. You may ask yourself – why not just abandon FTP entirely and let companies use their own protocols? Here are a few reasons:
FTPS, also known as FTP-SSL, is a more secure form of FTP. FTPS is basic FTP with security added to commands and data transfer. Special security protocols TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are cryptographic and provide encryption of data to protect your information as it moves from point A to point B, including username/password.
FTPS is to FTP much like HTTPS is to HTTP: an added layer of security while keeping the original protocol relatively unchanged.
SFTP, also known as SSH FTP, encrypts both commands and data while in transmission. This means all your data and credentials are encrypted as they pass through the internet. If you’ve ever used a Unix-based system, you’re likely familiar with SSH. It’s a protocol that allows you to remotely connect to other systems and execute commands from the command line. SSH is how most servers in the world are administered, so the protocol had to be very secure. SFTP was created as an extension of SSH to transfer files through the secure channel (SSH).
Unlike FTP and FTPS, SFTP protocol is packet-based as opposed to text-based. This makes file and data transfers using the SFTP faster than other secure FTP connections.
Learning about the different protocols might seem daunting. We’ve compiled a shortlist of the differences — advantages and disadvantages that can help clarify which protocol would be best for your use.
The oldest protocol, works with most systems
Data sent is not encrypted, including files
Faster than HTTP or email
Passwords and usernames are in plain text making it simpler for an unauthorized user to gain access
No limits for file size
Limited mobile device access
Transfers multiple files and directories at one time
Activity notifications are nearly impossible to create
Supports file resumes
Can create multiple levels of access
Easy to use
It is encrypted
Does not have a consistent directory site listing format
Commonly understood and utilized
Not all FTP servers support SSL/TLS
Easy to implement
Uses multiple ports, making firewall configuration more complicated
Offers services for server-to-server file transfers based on SSL/TLS
Older FTP servers don’t support SSL
Easily supported by mobile devices
Works in operating systems that have FTP support but not SSH/SFTP clients
Built-in support in .NET Framework
Uses only one port, so it’s easy to use behind a firewall
The interaction is binary and cannot be logged as-is for human reading
The connection is constantly protected
No server-to-server copy and recursive directory site elimination operations
The directory site listing is consistent and machine-readable
No integrated SSH/SFTP assistance in VCL and .NET structures
SFTP is supported by Linux and UNIX servers by default
More options than any other system
Can perform file system operations, such as file lock, permission and attribute manipulation, and symbolic link creation
In our opinion, if you are able to use SFTP – use it. FTP is great for legacy devices that don’t support any sort of encryption, but if you have access to encryption, it’s better to use SFTP. You don’t want your files intercepted by a malicious hacker downstream of your machine if you can help it.
Both SFTP and FTPS provide a high level of protection. The biggest difference between these two protocols is how connections are authenticated and managed.
Separate connections for command and file data
Encrypted command and file data connection
Host identity verification
In today’s world of SaaS companies, cloud computing and e-commerce, knowing your options for secure file transfer is important. While we have laid out the main differences between three file transfer protocols, it’s obvious that SFTP and FTPS offer the most security benefits.
FTP brings the speed and reliability that many industries and devices still rely on, and will rely on well into the future. From small files to mission-critical files that run the world, FTP and its secure variants run the world.
Get the best (S)FTP + Modern feature sets – Sign up for ExaVault today!