"FTP" and "FTP server" redirect here. For other uses, see FTP (disambiguation).

F
ile Transfer Protocol (FTP) is a standard network protocol used to copy a file f
rom one host to another over a TCP/IP-based network, such as the Internet. FTP i
s built on a client-server architecture and utilizes separate control and data c
onnections between the client and server.[1] FTP users may authenticate themsel
ves using a clear-text sign-in protocol but can connect anonymously if the serve
r is configured to allow it.
The first FTP client applications were interactive command-line tools, implement
ing standard commands and syntax. Graphical user interface clients have since be
en developed for many of the popular desktop operating systems in use today.

History
The original specification for the File Transfer Protocol was written by Abhay B
hushan and published as RFC 114 on 16 April 1971 and later replaced by RFC 765 (
June 1980) and RFC 959 (October 1985), the current specification. Several propos
ed standards amend RFC 959, for example RFC 2228 (June 1997) proposes security e
xtensions and RFC 2428 (September 1998) adds support for IPv6 and defines a new
type of passive mode.
The File Transfer Protocol was drafted in 1971 [1] for use with the scientific a
nd research network, ARPANET. Access to the ARPANET during this time was limited
to a small number of military sites and universities, negating the need for dat
a security or privacy requirements within the protocol.
As the ARPANET gave way to the Internet, data began to traverse increasingly lon
ger paths from client to server. The opportunity for unauthorized third parties
to eavesdrop on data transmissions proportionally increased.
In 1994, the Internet browser company Netscape developed and released the applic
ation layer wrapper, Secure Sockets Layer.[2] This protocol enables applications
to communicate across a network in a private and secure fashion, discouraging e
avesdropping, tampering and message forgery. While it can add security to any pr
otocol that uses reliable connections (such as TCP), it was most commonly used b
y Netscape with HTTP to form HTTPS.
The SSL protocol was eventually applied to FTP, with a draft Request for Comment
s (RFC) published in late 1996.[3] An official IANA port was registered shortly
thereafter. However, the RFC was not finalized until 2005.[4]
Security
FTP was not designed to be a secure protocol especially by today's standards and has
many security weaknesses. In May 1999, the authors of RFC2577 enumerated the fo
llowing flaws:
* Bounce Attacks
* Spoof Attacks
* Brute Force Attacks
* Packet Capture (Sniffing)
* Username Protection
* Port Stealing

Anonymous FTP
A host that provides an FTP service may additionally provide anonymous FTP acces
s. Users typically log into the service with an 'anonymous' account when prompte
d for user name. Although users are commonly asked to send their email address i
n lieu of a password, no verification is actually performed on the supplied data
[7]; examples of anonymous FTP servers can be found here.
Remote FTP or FTPmail
Where FTP access is restricted, a remote FTP (or FTPmail) service can be used to
circumvent the problem. An e-mail containing the FTP commands to be performed i
s sent to a remote FTP server, which is a mail server that parses the incoming e
-mail, executes the FTP commands, and sends back an e-mail with any downloaded f
iles as an attachment. Obviously this is less flexible than an FTP client, as it
is not possible to view directories interactively or to modify commands, and th
ere can also be problems with large file attachments in the response not getting
through mail servers. As most internet users these days have ready access to FT
P, this procedure is no longer in everyday use.