Site Admins - particularly those who have used web content management systems for many years - often ask if it’s possible to receive an FTP (file transfer protocol) login in order to upload and download files directly to and from Finalsite’s servers.
This is not possible, for several reasons.
- FTP is inherently insecure.
FTP makes transferring files to your website as easy as transferring them between folders on your hard drive. This simplicity comes with a drawback, though: in order to work universally on the web, FTP does not include any encryption features. All FTP connections between a server and an end user are completely unsecured, which means that an observer on the same network (such as a wifi hotspot) can view all traffic sent or received via FTP - including usernames and passwords.
Granting an FTP login also represents a vulnerability for Finalsite’s servers, because such logins would allow anyone who obtained the credentials to upload anything to shared storage resources, even executable programs (possibly malicious ones). Because Finalsite wouldn’t have any oversight as to the security of those FTP login credentials, this would represent a troubling liability for us.
- FTP practicality is limited.
The ability to easily upload files via FTP quickly uncovers a drawback of folder-based storage for web content: once published, files cannot be moved or renamed without becoming inaccessible. This is because the file’s web address is derived in part from the filename and the folder where it’s saved. If the file is renamed or moved, its URL will change and will no longer match what was initially published.
- FTP is not reliable.
Particularly with large files such as videos, FTP is more failure-prone than systems that were designed from the ground-up to transfer files. (FTP transfers all files using connections designed to transfer web pages, which are relatively small snippets of text.)
- FTP does not provide robust auditing or logging data.
FTP doesn’t log comprehensive data about which users perform which actions in managing files. This may not meet the requirements of current or forthcoming laws about data security, such as the EU’s GDPR, which is set to take effect in the spring of 2018.
Finally, if you have been thinking about FTP as a way to move files in bulk, Finalsite can assist with that as well. Contact your Client Success representative to learn more about Finalsite’s Content Migration services for bulk data transfers.