Comparison between FTP and HTTP for file transfer

Posted on

Question :

One question that intrigues me is the transfer of binary files over the internet.

I have experience in using FTP, which eventually went through firewall problems with clients. Another issue defended by sysadmins was about the lack of security of this protocol.

Faced with this there is the alternative of HTTP, which solves the difficulty with the firewall.
But regarding security, performance, limitations, what are the advantages and disadvantages between FTP and HTTP?

Does it make sense to opt for FTP over HTTP?


Answer :

FTP was created exclusively for the purpose of transferring files, the great advantage of this protocol over HTTP is the possibility of “double-handed” transfer without development, natively, if you are in doubt about the 2 I believe your need is to make the files available and your clients will only download without uploading.

For security purposes, the two are similar, eg with respect to the man-in-the-middle attacks, the two will perform similarly, since the transfer is essentially plain text (non-encrypted) in the 2 cases and can be easily intercepted, which can be circumvented with sFTP (ssh) as mentioned by @Miguel or with FTPS (SSL).

I believe that in 99% of cases what dictates the technology to be used is the final need, thus:

If you only need to send files, and these files are not sensitive (non-confidential) I would undoubtedly opt for HTTP for the reason you specified, there are no problems with clients’ firewall.

If your data is confidential, you would choose sFTP (ssh) or FTPS (SSL), properly configured (anonymous user disabled, strong passwords, etc.).

In addition to these options there is also a middle ground, which is to use a secure file exchange platform over HTTPS, recently deployed a client and has fully attended: link


Leave a Reply

Your email address will not be published. Required fields are marked *