|
|
|
|
|
|
by weare138
2279 days ago
|
|
|
> The "installed base" of web-accessible FTPS and SFTP resources is essentially zero Well that's true of SFTP, browsers don't support that protocol but I think they should. But FTP is still ubiquitous on the internet and most browsers like FF already support FTPS. To me it would make more sense to deprecate FTP like HTTP and warn users when their logging in over an insecure protocol than just kill the feature all together, especially if one of the primary reasons is because "Google did it". FTPS uses the same URI as FTP (ftp://). FTPS is common now, most people don't even realize they're using it. There are those of us that still need to deal with FTP and being able to click on a link in the browser rather than use a separate FTP client is just convenient. Just make it an optional feature and disable it by default. |
|
|
They should not. SSH -- which is used as the transport for SFTP -- is a rather large and complex protocol. Implementing it in browsers would significantly increase their network attack surface, while providing few (if any) new capabilities. (What does SFTP provide to the browser that isn't possible with HTTPS?)
> FTPS is common now, most people don't even realize they're using it.
Can you give an example? There are no major web browsers which currently support FTPS -- it is not present in Chrome, Mozilla, nor Internet Explorer.