Secure File Transfer for Java Applications
Companies worldwide rely on edtFTPj/PRO to securely transfer their confidential files. It is a mature, optimized library packed with features that help Java developers add SFTP and FTPS support to their applications.
edtFTPj/PRO has a rich and flexible feature set that ensures its suitability for your Java file transfer projects so you won’t be caught out part-way through a Java development project when you suddenly need support for a feature you hadn’t planned on. Advantages include:
With Pro you also have the following purchase options:
You can also buy the Source Code for the library for a fee enabling you to save time and minimize the human resource required to develop the software.
SFTP and SCP (SSH file transfer)
FTPS (File transfer over SSL)
FTP
Proxies
Performance
Ease of use
General
What type of secure FTP does edtFTPj/PRO support?
There is considerable confusion when using the term "secure FTP". There are two different types of secure file transfer protocols available, SFTP and FTPS. They are both supported by edtFTPj/PRO.
Firstly, there is an enhancement to standard FTP (as defined in RFC 959), which uses the same FTP commands (and protocol) over secure sockets, i.e. over SSL/TLS. This is implemented by edtFTPj/PRO. This is variously known as FTPS, FTP-SSL, and FTP-over-SSL. There are many FTP servers that support FTPS.
There is also another protocol, unfortunately known as SFTP, which also provides secure file access, but which is not related to the standard FTP protocol. This is implemented using SSH (Secure SHell), a suite of secure network connectivity tools (when used with SSH2 this is known as SFTP). The primary purpose of SSH is to enable users to remotely log into a machine over a secure connection. The two protocols are completely different and not related. Support for this protocol is also in edtFTPj/PRO.
SFTP vs FTPS - which is better?
While FTPS and SFTP are completely different protocols, they offer the same basic feature: secure file transfers. It is therefore common to be faced with the choice of one or the other. This section provides some pros and cons of these two protocols.
Security
Under ideal conditions SFTP and FTPS are able to offer comparable levels of security, but many SFTP deployments suffer from a vulnerability that is an artifact of SFTP's close relationship with SSH. The problem arises when you want to allow client SFTP access on a server but not SSH access. This is generally not a problem for pure SFTP servers, but for SSH/SFTP servers such as OpenSSH it can be quite complex and error-prone. So if you are not very careful when you set up your servers, users on machines with the SFTP client installed will be able to use an SSH client to log into the server and execute commands. This is not a problem with FTPS since this is purely a file transfer protocol and not a remote console protocol.
Upgrading
FTPS is a straight-forward extension to an existing FTP infrastructure. It is supported by most commercial servers and many open-source servers (e.g. wu-ftpd and proftpd), so enabling FTPS on a server is usually just a matter of adding a few configuration options. There is no need to run additional servers since FTPS servers invariably also support FTP. There is also no need to open additional ports in firewalls since FTPS uses the same ports as FTP. It is important to note that data-transfer problems can sometimes arise when changing from FTP to FTPS - see "Firewalls" section below.
Certificates
SFTP uses keys rather than certificates. This means that it can't take advantage of the "chains of trust" paradigm facilitated through Certificate Authorities. This paradigm makes it possible for two entities to establish a trust relationship without directly exchanging security information, which is important for some applications. FTPS uses certificates and therefore can take advantage of this paradigm. SFTP clients must install keys on the server.
Firewalls
SFTP often works better through some firewalls since it does not rely on multiple connections like FTP does. FTP and FTPS both use a control channel to send commands, and a new data connection for each file transfer. While the control channel is usually easily connected, it is common to experience firewall-related problems when connecting data-channels. This is particularly so in FTPS where the FTP-specific features of most firewalls are ineffective due to encryption. Since SFTP relies on a single network connection, it does not suffer from these problems.
What is the difference between SSL and TLS?
Not much.
SSL is short for Secure Sockets Layer, and is a protocol designed and implemented by Netscape. Version 3.0 of SSL was used as the basis for the Transport Layer Security (TLS) standard, version 1.0 (defined in RFC 2246, The TLS Protocol Version 1.0). The differences between SSL 3.0 and TLS 1.0 are not substantial, but the two protocols do not interoperate. TLS does, however, support a mechanism to back down to SSL 3.0. edtFTPj/PRO supports TLS 1.0. We generally use the term "SSL" interchangeably with "TLS", as SSL is more commonly known.
Does IIS support FTPS?
No, Microsoft's Internet Information Server (IIS) does not currently support SFTP or FTPS, but our completely FTP server, CompleteFTP, supports FTPS.
Can edtFTPj/PRO be used with Perl?
Yes, edtFTPj/PRO can be easily called from Perl by means of the INLINE::JAVA module.
© Copyright 2000-2023 COGITO SOFTWARE CO.,LTD. All rights reserved