We use the terms interchangeably, but they’re not the same thing.
“FTP me the file,” they said. “It will be easy,” they said.
In fact, I dealt with a web host one time that only allowed FTP. No big deal? FTP vs SFTP? What’s the difference?
Let me explain the difference, and you’ll understand why it’s important to know it and to always use SFTP when you can.
FTP vs SFTP
FTP
Standard FTP runs on two separate channels. One is used as a command channel and the other for data. Once the connection has been authenticated, it remains open until the client sends a quit command to disconnect.
Sounds simple enough, but the real hitch is when it comes to security.
When using FTP, both the command and data channels are unencrypted. This means that any and all data can be intercepted and read.
Note to self: Don’t use straight FTP.
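What that lack of encryption looks like in practice, as an added example that is not part of the original post: a Python audit of a constructed command-channel capture that reports which details are readable and where the separate data channel was opened. The host, user, password and file name are made up, and both directions are merged into one stream for brevity.

```python
import re

# Constructed sample: bytes visible on the FTP command channel (port 21).
# Every value here is made up for illustration.
SAMPLE_CAPTURE = (
    b"220 ftp.example.test FTP server ready\r\n"
    b"USER webadmin\r\n"
    b"331 Password required for webadmin\r\n"
    b"PASS s3cret-Example!\r\n"
    b"230 User webadmin logged in\r\n"
    b"PASV\r\n"
    b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
    b"RETR wp-config.php\r\n"
    b"150 Opening data connection\r\n"
    b"226 Transfer complete\r\n"
    b"QUIT\r\n"
    b"221 Goodbye\r\n"
)

# A 227 reply announces the second (data) channel as h1,h2,h3,h4,p1,p2.
PASV_REPLY = re.compile(rb"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def audit_control_channel(capture):
    """Report what is readable from a plaintext FTP command channel."""
    report = {"user": None, "password_exposed": False,
              "data_endpoints": [], "files": []}
    for line in capture.split(b"\r\n"):
        if not line:
            continue
        m = PASV_REPLY.match(line)
        if m:
            nums = [int(x) for x in m.groups()]
            host = ".".join(str(n) for n in nums[:4])
            report["data_endpoints"].append((host, nums[4] * 256 + nums[5]))
            continue
        if line[:3].isdigit():
            continue  # any other server reply
        verb, _, arg = line.partition(b" ")
        verb = verb.upper()
        if verb == b"USER":
            report["user"] = arg.decode("latin-1")
        elif verb == b"PASS":
            report["password_exposed"] = bool(arg)  # flag it, never store it
        elif verb in (b"RETR", b"STOR"):
            report["files"].append((verb.decode(), arg.decode("latin-1")))
    return report

if __name__ == "__main__":
    print(audit_control_channel(SAMPLE_CAPTURE))
```

The same audit run against an SFTP session would find nothing to parse, because the whole exchange sits inside the encrypted SSH connection.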
SFTP
SFTP is based on SSH, the Secure Shell protocol. Unlike FTP, it doesn’t use separate command and data channels; instead, commands and data are mixed together in specially formatted packets. As for security, it has it.
All data sent via SFTP between the client and server is encrypted.
Note to self: Always use SFTP.
Conclusion
If you’ve got a choice between the two connections, always make sure you’re using SFTP. Most hosting services today use only SFTP, but buyer beware: there are those few out there that either allow or require you to use standard FTP. Avoid it. It’s not safe and secure.
Adam Short says
The big issue here is that the username and password for the FTP session are sent without any encryption. That’s why you should never use FTP. Most server installations don’t even have it installed by default any more.
Eric Dye says
Nor should you mistakenly use it!