Closed Bug 1219201 Opened 9 years ago Closed 8 years ago

Add FTPS support to FTP

Categories

(Core Graveyard :: Networking: FTP, enhancement)

Product:
Core Graveyard
Component:
Networking: FTP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 85464

People

(Reporter: mark, Unassigned)

Details

This is filed as a follow-up from https://bugzilla.mozilla.org/show_bug.cgi?id=1174462#c23 where :dougt indicates that the FTP protocol support is insecure (no SFTP support). Considering the protocol support isn't going anywhere anytime soon, this should likely be enhanced.

Mixing up the acronyms here, of course (guilty of that as well, myself), since I'm sure what would be meant is FTP over TLS (FTPS), and not the SSH file transfer protocol?

FTPS is available in 2 flavors: implicit (STARTTLS on the normal port) and explicit (port 990). This would be a great option to have to prevent credentials from leaking if they are passed. Of course, general use of FTP in the browser would be accessing and downloading public files, but still a desirable enhancement there for some situations.

Possible pitfall: many FTPS certs are self-signed, so need confirmation or just be accepted as-is (encryption is important here, auth much less so)
See Also: → 1174462
We are in a period where ftp is clearly deprecated and in general, making changes to the code is riskier than letting it ride unless there is a patch and reviewer available to make a good judgment about it. So I'm going to wontfix ftp bugs related to enhancements, interop errors, etc.. We will be better off putting our energy into including a different js based ftp stack.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.