On Fri, May 28, 2004 at 10:39:13AM +0000, Jules Richardson wrote:
> Bottom line to me is that HTTP is a pretty heavyweight and bloated
> protocol, whereas FTP is a lot cleaner. So for raw data transfer I'd
> always prefer an FTP server.
Well, HTTP has a lot of options. But the basic protocol is quite simple.
It is no problem to send a HTTP request to a HTTP server with telnet.
There are HTTP server written in Bourne shell script and ...
> Password security is an issue because it's perhaps not as good as HTTPS
> - but then with HTTPS aren't we getting into pay-through-the-nose server
> certificate territory?
What is the problem with certificates? You can generate a self signed
certificate yourself.
> It's worth thinking about what may be between your clients and servers
> too. HTTP data is much more likely to be transparently cached somewhere
> along the line (which may have security implications),
SSL can prevent this.
> one where the server tells
> the client what port to connect to for a transfer and the client then
> opens a connection to that port on the server. The latter method really
> messes up firewalls :)
Yes. There are firewalls that can do statefull filtering. They listen to
the FTP controll stream, filter out what ports need to be opend and let
data through. This is really ugly.
> REST is fantastic for FTP and was historically a big reason why I hated
> HTTP servers for file transfer over FTP. However, not all FTP servers
> always support it which is a shame.
I was bitten by this servers too...
> I'm actually very anti-HTTP to be honest. Great for what it was
> originally intended for, but it really bugs me the way current view is
> "the Web is the Internet" and unless something can be hacked to run over
> HTTP then it isn't worth doing.
Agreed. One size doesn't fit all. Diferent tasks - different tools.
> Upload's even more of a mess from what I remember, requiring something
> at the server end (be it Perl, compiled CGI, Java or whatever) to handle
> and save the incoming data stream - i.e. there's no standard for
> actually saving an upload to the filestore.
Because the PUT and DELETE methods are not used / implemented.
> scp? Never used it. How portable is it to different platforms?
I don't know how portable a protocol specification is. ;-)
But there are implementations at least for Unix (like) OSes and M$Win.
The problem with scp is that it makes heavy use of crypto algorithms
that you usually find in quite heavyweight crypto libs.
I don't want to implement this on a PDP-11. ;-(
--
tsch??,
Jochen
Homepage: http://www.unixag-kl.fh-kl.de/~jkunz/
Received on Fri May 28 2004 - 07:21:54 BST