Under the Desktop: Moving Client Files Safely

Anyone who touches a Web site is familiar with the Internet’s File Transfer Protocol (FTP). It’s the standard way remote servers send and receive files. In fact, it’s become a verb in our community: “I’ll ftp it,” is a common expression. At the same time, most professional designers with corporate clients also use the protocol to deliver very large layouts. However, evolving security extensions to FTP may make some changes to your workflow.

FTP is a standard Unix service, or underlying technology, that moves files between server directories and connected machines. Those files can be Web content from a content creator or any ol’ file, such as logs, databases, or even an application. In ancient times users could tap this service through a command-line interface (you can still do this today, if you are so inclined or Unix-crazed).

Good Client Relationships
While some hardy individuals may want to rough it and access FTP through the command-line interface, it’s much easier to use client software. This also offers the advantage of a graphical interface and depending on the software, varying degrees of integration with your operating system of choice.

For example, some clients support drag and drop for items between the remote directories and your standard Mac or Windows files and folders. (Depending on the connection, Windows XP can also present an FTP directory as a standard folder.)

Another popular feature found in some of these programs is synchronization of local and remote folders. This is also a capability of many Web development environments, such as Macromedia Dreamweaver, which come with a built-in FTP client. Some clients provide support for a range of IP services, such as Ping (a protocol that tells you the status of a particular Internet address) or Traceroute (a way to uncover all the steps a packet takes when moving from your computer to a remote server and back again). Some of these tools can be found in standalone programs, such as the free Network Utility that now ships with Mac OS X.

There are numerous clients on the market. A simple search for “FTP clients” on CNET’s Download.com comes up with more than 360 citations, although many of them are updates or add-ons to database programs. Still, there are many FTP products with a wide range of capabilities.

On the Windows platform, many appreciate FTP Voyager, CuteFTP, and WS_FTP Pro, which also has a free “lite” sibling.

Popular Mac clients include Fetch, Interarchy, and RBrowser. The first two support both Mac OS 9 and OS X, while the last is OS X-only.

For many years, I’ve used Stairways Software’s Interarchy (see Figure 1), due mainly to inertia — I purchased its former incarnation, Anarchie, years ago, and have followed the upgrade path to its current OS X version. The program models the Aqua interface and provides a bunch of other IP tools.

Figure 1: Interarchy provides a view of FTP directories that looks just like the Mac OS X Finder. It functions just like it too, supporting drag and drop between the near and remote files. It’s a $45 shareware product.

For A More Secure World
FTP like so many other Internet protocols was developed in a more innocent time, without much thought to strong security. While an FTP connection requires a user ID account and password, that’s not much security nowadays.

In fact, most of us became acquainted with FTP through the so-called anonymous login process that lets users connect automatically to freely available public files. For these logins, the UserID is “anonymous” and the password is your e-mail address.

Standard FTP is insecure, even with passwords. It sends data and passwords in plain text, making it easy for hackers to uncover your information. These jokers will “sniff,” or secretly monitor, a Web address until the real owner logs in to make changes. The hacker then can copy down the details of the login connection, the password, and user name, giving them free access to all of the inner workings of the site.

To defeat these bad guys, network managers can implement varying degrees of security routines on their servers. The security technology can protect both the FTP connection to the server as well as the data that passes between the server and the client system. However, the specific security protocols must be supported in FTP client software.

The most common file transfer security offered is Secure FTP, or SFTP, which is part of a security suite called Secure Shell (SSH) or SSH Version 2. The protocol enables a so-called “tunnel” between the client and server, and prevents the plain-text transmission of passwords.

Other products reference a security standard called the Secure Sockets Layer with Transport Layer Security (SSL/TLS), a different method that protects your user name and password as well as the data you transfer.

So how might this additional security alter your workflow?

Beyond the Basics
Needless to say, nothing in our industry is ever simple. Most FTP clients support only one of these basic security methods, and still others may cherry pick their support within the particular technology. And it can be no surprise that these secure versions sometimes cost more than the plain FTP clients.

You may also need to change your FTP client software. I recently had to make such a switch when I was asked to pick up a file on a server running SSL/TLS. To my dismay, Interarchy supports SFTP. So I installed Glub Tech’s Secure FTP client (see Figure 2); the company offers versions for Windows, Mac OS X, and Linux.

Figure 2: Glub’s Secure FTP client puts a blue window on your desktop with its own menu bar and buttons. The FTP directories show all the files and folders, even the invisible ones.

Secure FTP supports both explicit and implicit SSL connections, a good thing since the network manager told me to make an implicit connection over a specific numbered port. This setup was straightforward and I was able to connect without incident.

The program provides a rather clunky graphical view to the files and folders on my machine and the remote FTP server. But it’s perfectly usable. It presents its own movable and resizable blue “desktop” window with a menu bar and buttons to move up and down the FTP hierarchies. The software isn’t as elegant or integrated with the OS as a program like Interarchy, but it did the job. Thankfully, I only have to use it occasionally.

I suggest content creators take a close look at the security support in their current FTP clients and familiarize themselves with the settings. If your client software is missing one of the major security protocols, then browse the listings at your favorite download site and try some out. When a customer has a rush job that must be picked up or delivered to a secure server, you don’t want to waste valuable creative time on a deadline fussing with FTP client software.

As the rabbinic saying advises us: “Hasty purchases aren’t good.” And that admonition applies to free software as well.