28 May
2004
28 May
'04
8:21 a.m.
On Fri, May 28, 2004 at 10:39:13AM +0000, Jules Richardson wrote:
Bottom line to me is that HTTP is a pretty heavyweight
and bloated
protocol, whereas FTP is a lot cleaner. So for raw data transfer I'd
always prefer an FTP server.
Well, HTTP has a lot of options. But the basic
protocol is quite simple.
It is no problem to send a HTTP request to a HTTP server with telnet.
There are HTTP server written in Bourne shell script and ...
Password security is an issue because it's perhaps
not as good as HTTPS
- but then with HTTPS aren't we getting into pay-through-the-nose server
certificate territory?
What is the problem with certificates? You can generate a
self signed
certificate yourself.
It's worth thinking about what may be between your
clients and servers
too. HTTP data is much more likely to be transparently cached somewhere
along the line (which may have security implications),
SSL can prevent this.
one where the server tells
the client what port to connect to for a transfer and the client then
opens a connection to that port on the server. The latter method really
messes up firewalls :)
Yes. There are firewalls that can do statefull filtering.
They listen to
the FTP controll stream, filter out what ports need to be opend and let
data through. This is really ugly.
REST is fantastic for FTP and was historically a big
reason why I hated
HTTP servers for file transfer over FTP. However, not all FTP servers
always support it which is a shame.
I was bitten by this servers too...
I'm actually very anti-HTTP to be honest. Great
for what it was
originally intended for, but it really bugs me the way current view is
"the Web is the Internet" and unless something can be hacked to run over
HTTP then it isn't worth doing.
Agreed. One size doesn't fit all. Diferent
tasks - different tools.
Upload's even more of a mess from what I remember,
requiring something
at the server end (be it Perl, compiled CGI, Java or whatever) to handle
and save the incoming data stream - i.e. there's no standard for
actually saving an upload to the filestore.
Because the PUT and DELETE methods are
not used / implemented.
scp? Never used it. How portable is it to different
platforms?
I don't know how portable a protocol specification is. ;-)
But there are implementations at least for Unix (like) OSes and M$Win.
The problem with scp is that it makes heavy use of crypto algorithms
that you usually find in quite heavyweight crypto libs.
I don't want to implement this on a PDP-11. ;-(
--
tsch??,
Jochen
Homepage: http://www.unixag-kl.fh-kl.de/~jkunz/