How insecure is FTP?

Posted on 2007-10-02
Last Modified: 2013-12-02
How exposed are the FTP transmissions if the only protection is a user ID and password, but the transmissions are not encrypted?

And how hard or easy is it to find an arrangement where it is encrypted?

Can anyone suggest an ASP.NET ISP which offers secure FTP?  And what FTP programs would support secure FTP?  Or what other technologies should I consider besides FTP?

Question by:newbieweb
    LVL 9

    Accepted Solution

    The payload information is not encruypted, therefore anyone that can intercept the packets can reproduce the information.  

    For alternatives, I suggest ssh which allow sftp or scp.      Programs like filezilla, winscp, or wsftp can be used.

    I don't have personal experience with ISP's that use   But most of them do offer access to your account via ssh.  Take a look.

    Author Comment

    I actually have FileZilla and use it for FTP.

    So if I dig up an ISP that supports ssh, is it pretty easy to configure?

    LVL 9

    Assisted Solution

    As chingmd said, FTP offers no security aside from basic authentication, and should be avoided whenever possible.  The username and password are sent in the clear, so anyone who can capture your traffic can capture your login credentials as well.  Ditto for files.

    My favorite FTP / SFTP client is SmartFTP.  Try it, you'll be glad you did.

    If by ISP you mean web hosting, then I can't personally recommend any (I use PHP mostly, with some Python, Perl, and Java where appropriate).  However, searching on Google I found , which lists its "Top 10" web hosting services.  After looking at each one, the ones that support ASP are:
    HostGator ( ): Supports Chilisoft ASP (a Sun implementation of ASP compatible with Unix, not ( ): supports ASP and 1 & 2 ( ): supports ASP as an add-on feature
    IXWebHosting ( ): Apparently already has support for ASP v3, which may either mean they're really on the ball, or that going with them is risky because they support technologies that aren't stable.  You'd ahve to be the judge.

    Featured Post

    Shouldn't all users have the same email signature?

    You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

    Join & Write a Comment

    Suggested Solutions

    Have you ever stumbled upon a software that is so great that you just love? It happened to me. Love at first sight. Filezilla Server.   Ok its not the most advanced ftp server I've came across. But its a fairly simple piece of software to get the …
    Please see preceding article here: Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
    Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now