FTP stands for File Transfer Protocol. On a website, if you want to share files with others, the most convenient way is to upload the files to an FTP server, and others can download the needed files using an FTP client program.
FTP transfers files through specific ports. The required ports are generally:
1. Control Link—TCP Port 21. The controller side. Used to send commands to the server and wait for server responses.
2. Data Link—TCP Port 20. The data transfer port. Used to establish a data transfer channel. Mainly used for sending a file from client to server, sending a file from server to client, and sending file or directory listings from server to client.
To adapt to different network environments, FTP supports two modes: Active mode and Passive mode. Both modes are primarily for the data link and are unrelated to the control link.
FTP Security Vulnerabilities:
1. Vulnerabilities in FTP server software.
2. Plaintext passwords.
3. FTP banners.
4. Port scanning via the FTP server.
5. Data hijacking.
FTP Security Strategies:
1. Use relatively more secure systems and FTP service software.
2. Use encrypted transmission for usernames and passwords.
3. Change the service software’s banner.
4. Strengthen protocol security.
SFTP is the abbreviation for Secure File Transfer Protocol, which is a secure file transfer protocol. It provides a secure encryption method for transferring files. Its syntax and functionality are almost identical to FTP.
SFTP is part of SSH, and it is a secure way to transfer files to a Blogger server. It does not have its own standalone daemon process; it must use the sshd daemon to complete the corresponding connection operations. So, in a sense, SFTP is less like a server program and more like a client program. SFTP also uses encryption to transmit authentication information and transferred data, so using