• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 877
  • Last Modified:

How insecure is FTP?

How exposed are the FTP transmissions if the only protection is a user ID and password, but the transmissions are not encrypted?

And how hard or easy is it to find an arrangement where it is encrypted?

Can anyone suggest an ASP.NET ISP which offers secure FTP?  And what FTP programs would support secure FTP?  Or what other technologies should I consider besides FTP?

2 Solutions
The payload information is not encruypted, therefore anyone that can intercept the packets can reproduce the information.  

For alternatives, I suggest ssh which allow sftp or scp.      Programs like filezilla, winscp, or wsftp can be used.

I don't have personal experience with ISP's that use asp.net.   But most of them do offer access to your account via ssh.  Take a look.
newbiewebSr. Software EngineerAuthor Commented:
I actually have FileZilla and use it for FTP.

So if I dig up an ISP that supports ssh, is it pretty easy to configure?

As chingmd said, FTP offers no security aside from basic authentication, and should be avoided whenever possible.  The username and password are sent in the clear, so anyone who can capture your traffic can capture your login credentials as well.  Ditto for files.

My favorite FTP / SFTP client is SmartFTP.  Try it, you'll be glad you did.

If by ISP you mean web hosting, then I can't personally recommend any (I use PHP mostly, with some Python, Perl, and Java where appropriate).  However, searching on Google I found http://www.webhostingbluebook.com/ , which lists its "Top 10" web hosting services.  After looking at each one, the ones that support ASP are:
HostGator (http://www.hostgator.com/ ): Supports Chilisoft ASP (a Sun implementation of ASP compatible with Unix, not ASP.net)
GoDaddy.com (http://www.godaddy.com/gdshop/hosting/shared.asp?isc=cjchst001b ): supports ASP and ASP.net 1 & 2
LunarPages.com (http://www.lunarpages.com/best-hosting.php ): supports ASP as an add-on feature
IXWebHosting (http://www.ixwebhosting.com/index.php/v2/pages.dspmain ): Apparently already has support for ASP v3, which may either mean they're really on the ball, or that going with them is risky because they support technologies that aren't stable.  You'd ahve to be the judge.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Tackle projects and never again get stuck behind a technical roadblock.
Join Now