It seems like Google is making some serious changes in its products, especially Chrome browser to provide users a smooth experience and better security. Last week, the tech and search engine giant announced that Chrome 63 browser update will come with a security feature that will alert users of ‘man in the middle’ attacks (MitM) while Chrome 64 will automatically block annoying autoplay videos.
Once again Chrome 63, due to be released in Dec 2017 is set to flag FTP resources. Mike West, a member of Chome security team announced that we’re planning to label resources delivered over the FTP (File Transfer Protocol (FTP) protocol as “Not secure.”
Review of this article
FTP securityThere are 2 techniques to secure the FTP protocol.
FTPS (File Transfer Protocol Secure) is FTP over ssl and tls. Ssl/tls is in charge of the security by encryption and FTP is used to transfer files. With this technique an authentication certificate can be used to check the server is the correct one.
SFTP (SSH File Transfer Protocol) is FTP over SSH. SSH is used to create the encryption channel and FTP is used to create the protocol transferring files. It is far less used than FTPS.
Keep FTP protocol ?FTP is not very used anymore and is replaced by other techniques.
One technique is an http extension called Webdav. This protocol is installed on Nextcloud for instance. As it uses http, it comes natively with all https advantages. A Webdav request can by cached by proxies, the speed can be improved with http2 and hsts can be used to ensure every request is made over ssl. The development of Webdav solutions can be integrated with other http libraries. The development ecosystem is far bigger with much more opportunities and possible functionalities.