File eXchange Protocol

Last updated

File eXchange Protocol (FXP or FXSP) is a method of data transfer which uses FTP to transfer data from one remote server to another (inter-server) without routing this data through the client's connection. Conventional FTP involves a single server and a single client; all data transmission is done between these two. In the FXP session, a client maintains a standard FTP connection to two servers, and can direct either server to connect to the other to initiate a data transfer. The advantage of using FXP over FTP is evident when a high-bandwidth server demands resources from another high-bandwidth server, but only a low-bandwidth client, such as a network administrator working away from location, has the authority to access the resources on both servers.

Contents

Risk

Enabling FXP(.RVL) support can make a server vulnerable to an exploit known as FTP bounce. As a result of this, FTP server software often has FXP disabled by default. Some sites restrict IP addresses to trusted sites to limit this risk.

FXP over SSL

Some FTP Servers such as glFTPd, cuftpd, RaidenFTPD, drftpd, and wzdftpd support negotiation of a secure data channel between two servers using either of the FTP protocol extension commands; CPSV or SSCN. This normally works by the client issuing CPSV in lieu of the PASV command—or by sending SSCN prior to PASV transfers—which instructs the server to create either a SSL or TLS connection. However, both methods—CPSV and SSCN—may be susceptible to man-in-the-middle attacks, if the two FTP servers do not verify each other's SSL certificates. SSCN was first introduced by RaidenFTPD and SmartFTP in 2003 and has been widely[ citation needed ] adopted.[ when? ]

Technical

Although FXP is often considered a distinct protocol, it is in fact merely an extension of the FTP protocol and is specified in RFC   959:

        User-PI - Server A  (Dest)              User-PI - Server B  (Source)         ------------------                      ------------------                 C->A : Connect                          C->B : Connect         C->A : PASV         A->C : 227 Entering Passive Mode. A1,A2,A3,A4,a1,a2                                                 C->B : PORT A1,A2,A3,A4,a1,a2                                                 B->C : 200 Okay         C->A : STOR                             C->B : RETR
                   B->A : Connect to HOST-A, PORT-a

Related Research Articles

The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

Uploading refers to transmitting data from one computer system to another through means of a network. Common methods of uploading include: uploading via web browsers, FTP clients, and terminals (SCP/SFTP). Uploading can be used in the context of clients that send files to a central server. While uploading can also be defined in the context of sending files between distributed clients, such as with a peer-to-peer (P2P) file-sharing protocol like BitTorrent, the term file sharing is more often used in this case. Moving files within a computer system, as opposed to over a network, is called file copying.

The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data connections between the client and the server. FTP users may authenticate themselves with a plain-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).

In computing, the SSH File Transfer Protocol is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capabilities, and is seen as a replacement of File Transfer Protocol (FTP) due to superior security. The IETF Internet Draft states that, even though this protocol is described in the context of the SSH-2 protocol, it could be used in a number of different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications.

Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. "SCP" commonly refers to both the Secure Copy Protocol and the program itself.

SFTP may refer to:

sftp is a command-line interface client program to transfer files using the SSH File Transfer Protocol (SFTP), which runs inside the encrypted Secure Shell connection.

lftp Free software command-line client for several file transfer protocols

lftp is a command-line program client for several file transfer protocols. lftp is designed for Unix and Unix-like operating systems. It was developed by Alexander Lukyanov, and is distributed under the GNU General Public License.

FTPS is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer cryptographic protocols.

This article lists communication protocols that are designed for file transfer over a telecommunications network.

<span class="mw-page-title-main">WinSCP</span> File transfer software for Windows

WinSCP is a free and open-source file manager, SSH File Transfer Protocol (SFTP), File Transfer Protocol (FTP), WebDAV, Amazon S3, and secure copy protocol (SCP) client for Microsoft Windows.

<span class="mw-page-title-main">FlashFXP</span>

FlashFXP is a proprietary FTP client with a simple Windows-based GUI. FlashFXP supports both client-to-server and server-to-server (FXP) transfers, in addition to SCP/SFTP.

SmartFTP is a network file transfer program for Microsoft Windows that supports file transfer via FTP, FTPS, SFTP, WebDAV, Amazon S3, Google Drive, Microsoft OneDrive, Box, Google Cloud Storage and Backblaze B2 protocols. It supports SSL/TLS, IPv6 and FXP, and features a transfer queue, proxy and firewall support, multiple connections, chmod features and drag-and-drop. The software uses the Windows API for its interface. It is available for both IA-32 and x64 editions of Windows.

eSSH Client is a multi task client that supports many different protocols, such as SSH, SFTP, FTP, FTPS, SCP, and RExec. It also supports FTP over SSL. eSSH Client has a rich GUI design that allows multiple access channels at the same time, and has an internal window design that allows all the connections to be viewed from within a main window. It also has a tabbed Secure Shell window with named sessions.

glFTPd is a freely available FTP server which runs on Unix, Linux, and BSD operating systems. It has number of features, like logins restricted by a particular set of IP addresses, transfer quotas per-user and per-group basis, and user/groups not stored in the system files, which make it attractive to private warez servers, including topsites. It does have legitimate uses though—a number of web development books recommend it amongst other general purpose FTP servers, and some Linux certification exams of SAIR required knowledge of it. It can integrate with Eggdrop through IRC channels.

CrushFTP is a proprietary multi-protocol, multi-platform file transfer server originally developed in 1999. CrushFTP is shareware with a tiered pricing model. It is targeted at home users on up to enterprise users.

WISE-FTP is an FTP client for Microsoft Windows that is developed and distributed by the German company AceBIT, located in Darmstadt. Apart from using the normal FTP protocol, Wise-FTP supports the SSH (SFTP) and FTPS (FTP/SSL) protocols, as well as the SSL and TLS cryptographic protocols. Transfers can be carried out via drag and drop, as the program interface is based on Windows Explorer.

Core FTP LE is a freeware secure FTP client for Windows, developed by CoreFTP.com. Features include FTP, SSL/TLS, SFTP via SSH, and HTTP/HTTPS support. Secure FTP clients encrypt account information and data transferred across the internet, protecting data from being seen, or sniffed across networks. Core FTP is a traditional FTP client with local files displayed on the left, remote files on the right.

Bitvise is a proprietary secure remote access software developed for Windows and available as a client and server. The software is based on the Secure Shell (SSH) protocol, which provides a secure channel over an insecure network in a client-server architecture.

References

This "protocol" is standardized as a subset of RFC 959 by the IETF as:

See also

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.