File eXchange Protocol

Last updated

File eXchange Protocol (FXP or FXSP) is a method of data transfer which uses FTP to transfer data from one remote server to another (inter-server) without routing this data through the client's connection. Conventional FTP involves a single server and a single client; all data transmission is done between these two. In the FXP session, a client maintains a standard FTP connection to two servers, and can direct either server to connect to the other to initiate a data transfer. The advantage of using FXP over FTP is evident when a high-bandwidth server demands resources from another high-bandwidth server, but only a low-bandwidth client, such as a network administrator working away from location, has the authority to access the resources on both servers.

Contents

Risk

Enabling FXP support can make a server vulnerable to an exploit known as FTP bounce. As a result of this, FTP server software often has FXP disabled by default. Some sites restrict IP addresses to trusted sites to limit this risk.

FXP over SSL

Some FTP Servers such as glFTPd, cuftpd, RaidenFTPD, drftpd, and wzdftpd support negotiation of a secure data channel between two servers using either of the FTP protocol extension commands; CPSV or SSCN. This normally works by the client issuing CPSV in lieu of the PASV command—or by sending SSCN prior to PASV transfers—which instructs the server to create either a SSL or TLS connection. However, both methods—CPSV and SSCN—may be susceptible to man-in-the-middle attacks, if the two FTP servers do not verify each other's SSL certificates. SSCN was first introduced by RaidenFTPD and SmartFTP in 2003 and has been widely[ citation needed ] adopted.[ when? ]

Technical

Although FXP is often considered a distinct protocol, it is in fact merely an extension of the FTP protocol and is specified in RFC   959:

        User-PI - Server A  (Dest)              User-PI - Server B  (Source)         ------------------                      ------------------                 C->A : Connect                          C->B : Connect         C->A : PASV         A->C : 227 Entering Passive Mode. A1,A2,A3,A4,a1,a2                                                 C->B : PORT A1,A2,A3,A4,a1,a2                                                 B->C : 200 Okay         C->A : STOR                             C->B : RETR
                   B->A : Connect to HOST-A, PORT-a

Related Research Articles

The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

Telnet Network protocol for bidirectional communication using a virtual terminal connection

Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).

Email client Computer program used to access and manage a users email

An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.

Uploading refers to transmitting data from one computer system to another through means of a network. Common methods of uploading include: uploading via web browsers, FTP clients], and terminals (SCP/SFTP). Uploading can be used in the context of clients that send files to a central server. While uploading can also be defined in the context of sending files between distributed clients, such as with a peer-to-peer (P2P) file-sharing protocol like BitTorrent, the term file sharing is more often used in this case. Moving files within a computer system, as opposed to over a network, is called file copying.

The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data connections between the client and the server. FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).

In computing, the SSH File Transfer Protocol is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capabilities. The IETF Internet Draft states that, even though this protocol is described in the context of the SSH-2 protocol, it could be used in a number of different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications.

Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. "SCP" commonly refers to both the Secure Copy Protocol and the program itself.

FTPS is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer cryptographic protocols.

This article lists communication protocols that are designed for file transfer over a telecommunications network.

WinSCP File transfer software for Windows

WinSCP is a free and open-source SSH File Transfer Protocol (SFTP), File Transfer Protocol (FTP), WebDAV, Amazon S3, and secure copy protocol (SCP) client for Microsoft Windows. Its main function is secure file transfer between a local computer and a remote server. Beyond this, WinSCP offers basic file manager and file synchronization functionality. For secure transfers, it uses the Secure Shell protocol (SSH) and supports the SCP protocol in addition to SFTP.

FlashFXP

FlashFXP is a proprietary FTP client with a simple Windows-based GUI. FlashFXP supports both client-to-server and server-to-server (FXP) transfers, in addition to SCP/SFTP.

SmartFTP is a network file transfer program for Microsoft Windows that supports file transfer via FTP, FTPS, SFTP, WebDAV, Amazon S3, Google Drive, Microsoft OneDrive, Box, Google Cloud Storage and Backblaze B2 protocols. It supports SSL/TLS, IPv6 and FXP, and features a transfer queue, proxy and firewall support, multiple connections, chmod features and Drag-and-drop. The software uses the Windows API for its interface. It is available for both IA-32 and x64 editions of Windows.

CrushFTP is a proprietary multi-protocol, multi-platform file transfer server originally developed in 1999. CrushFTP is shareware with a tiered pricing model. It is targeted at home users on up to enterprise users.

Sysax Multi Server is a Secure FTP Server and a SSH2 Secure Shell Server for the Windows operating system. Web browser-based secure HTTPS file transfers and Telnet access is also supported. The software is certified for Windows Vista, and tested to be compatible with Windows 7/8. The software is also certified for Windows Server 2012 and runs on all 32 and 64 bit editions of Windows including Windows Server 2008. The Personal edition of the software which includes SSH2/SFTP support is free for non-commercial use.

Sysax FTP Automation is a Secure file transfer automation program for the Windows operating system. It consists of a script generation wizard, script editor and debugger, and a task scheduler. It also contains a secure command line FTP Client program called sysaxftp.exe that is a secure drop-in replacement for the ftp.exe command line program. In addition to FTP, secure file transfer using SSL/TLS (FTPS) and SSH2 (SFTP) are supported. The software is certified for Windows Vista, and tested to be compatible with Windows 7. The software is also certified for Windows Server 2012 and runs on all 32 and 64 bit editions of Windows from Windows 2000/Windows XP to Windows 8/Windows Server 2012. The Personal edition of the software is free for non-commercial use.

ZOC (software)

ZOC is a popular computer-based terminal emulator and Telnet software client for the Microsoft Windows and Apple Macintosh macOS operating systems that supports telnet, modem, SSH 1 and 2, ISDN, serial, TAPI, Rlogin and other means of communication. Its terminal emulator supports Xterm emulation with full colors, meta-keys and local printing, VT102, VT220 and several types of ANSI as well as Wyse, TVI, TN3270, and Sun's CDE. It supports full keyboard remapping, scripting in REXX and other languages, and support for named pipes.

OpenSSH Set of computer programs providing encrypted communication sessions

OpenSSH is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.

UploadFTP was an FTP/SFTP/FTPS/FTPES/FXP client for Windows, developed by Brightek Software. The product has been discontinued, and the company website is no longer online. UploadFTP is shareware – after a fourteen-day trial period, the product should be purchased. Freeware version UploadFTP Free is also available with some restrictions.

References

This "protocol" is standardized as a subset of RFC 959 by the IETF as:

See also

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.