Networking environment’s most common task is to transfer the files/data/information between the hosts on the network. FTP and SFTP are the file transferring protocols. Transferring the files over the network in the plain text format can raise the security concern. The FTP protocol was introduced when security over the internet was not a big issue.
The data was sent unencrypted in FTP which can be easily intercepted by the attacker. Hence, some secure channel was required to transfer the files. For this one can either add a Secure Socket Layer between FTP application layer and TCP or one can simply use an independent protocol called SFTP.
FTP and SFTP both transfers the file from one computer to another but the basic difference between FTP and SFTP is that FTP does not provide a secure channel to transfer files whereas, the SFTP does. Let us discuss some more differences between FTP and SFTP with the help of comparison chart shown below.
Content: FTP Vs SFTP
|Basis for Comparison||FTP||SFTP|
|Basic||FTP do not provide a secure channel to transfer files between hosts.||SFTP provides a secure channel for transferring the files between the hosts.|
|Full Form||File Transfer Protocol.||Secure File Transfer Protocol.|
|Protocol||FTP is a TCP/IP protocol.||SFTP protocol is a part of SSH protocol (a remote login application program).
|Connection||FTP establishes control connection on TCP port 21.||SFTP transfers the file under the connection established by SSH protocol between client and server.|
|Encryption||FTP password and data is sent in a plain text format.||SFTP encrypts the data before sending.|
Definition of FTP
FTP (File Transfer Protocol) is a protocol in TCP/IP which copies a file from one host to another host. Though, it seems very simple to transfer the file from one host to another. But there are some problems like the two systems that sends and receives file may have a different way to represent the data; they may have different file name conventions, may have different directory structures.
FTP provides a simple solution to all the problems above. FTP being different from other client-server application establishes two connections between the communicating hosts. One connection is for data transfer, and other is for the control information (command and responses). FTP is more efficient than other client-server applications as it has a separate connection for data and commands.
The control connection is simple as it is just for establishing a connection between the hosts. But data connection is complex as it has to transfer the variety of data. The FTP establishes control connection on TCP’s port number 21 and data connection on TCP’s port number 20.
Whenever a user starts FTP session, it first establishes a connection with the host to whom the file has to be transferred using control connection then it establishes the data connection for transferring the file.The data connection gets opened and closed after transferring each file. However, the control connection remains connected for the entire FTP session.
Definition of SFTP
SFTP (Secure File Transfer Protocol) is a secure way to transfer the files over the network. Though we have FTP protocol for transferring the files from one host to another on the network but, the time FTP was designed security was not a major issue.
FTP protocol requires the password for establishing the connection with the host to whom file has to be sent, but the password is in the plaintext which has a threat of being intercepted by an attacker. The attacker can then misuse the password. The data is also sent in the plain text over data connection which is again insecure.
So, SFTP introduced a secure channel to transfer the files over the network. SFTP is a part of SSH (Secure Shell) protocol which is actually a program in Unix. The SSH protocol establishes a secure connection between client and server, and then the SFTP program works similar to FTP and transfers the file in the secure channel created by SSH. In this way, the file can be transferred securely using SFTP.
Key Differences Between FTP and SFTP
- FTP do not provide any secure channel to transfer the files between the hosts whereas, the SFTP protocol provides a secure channel for transferring the files between the hosts on the network.
- FTP is an abbreviation of File Transfer Protocol whereas, SFTP is an abbreviation of Secure File Transfer Protocol.
- FTP protocol is a service provided by TCP/IP. However, SFTP is a part of the SSH protocol which is a remote login information.
- FTP makes a connection using control connection on TCP port 21. On the other hands, SFTP transfer the file under the secure connection established by SSH protocol between client and server.
- FTP transfer the password and data in the plain text format whereas, SFTP encrypts the data before sending it to the another host.
Both FTP and SFTP are the file transferring protocol, but SFTP provides a secure way to transfer the file from one host to another host on the network.