Longhorn Request: Secure & Transactional FTP

With WinFS coming up, this one should be a breeze on the upcoming Windows platform (which will go unnamed for a change to further lessen that diabolic (but oh so just) hype): I would like to see FTP grow up (*). And by growing up I mean become more than a protocol to shake hands and throw bits at each other until you run out of ammo. I want to see it become (at least) transactional and secure.

"Transactional" because if you're using it to transfer a whole website (still one of the most widely used reasons to use FTP in the first place - apart from that "legal" form of "datasharing" any ignorant judge would call "piracy" of course), you want either the whole thing to succeed or fail. You don't want half of your site reflecting the fact that your company just went bankrupt while the other half is still pretending to be alive and kicking while throwing fast-climbing sales graphs in your face to prove that point. You also don't want to see any changes to your site halfway through the transmission, instead you want the whole batch to be committed in the end - when everything arrived safely and correctly. ACID baby, yeah.

"Secure" because right now, I just don't trust plain FTP. I don't use it at work to change my site for example. There are all kinds of initiatives to make FTP secure (like run it over SSL or in an SSH session) but I want this to be the default. Security is not an add-on anymore, it's not optional, it should just "be there", implicitly.

Of course this reaches beyond Windows into all platforms, but I'm just focusing on Windows now because, well, that's my personal bias. (I'd be interested in knowing how hard it would be to build this in penguin-land though.) The Windows built-in ftp.exe command is a great and simple tool I use regularly and it just seems so incredibly easy in WinFS to make it even better. With WinFS becoming a file system backed by a relational engine, it's intrinsic that you can use transactions. So at the start of your FTP command, you just call WinFS.BeginTransaction (so to speak) and do a WinFS.Commit() in the end. And with Indigo and its secure messaging features, why not use 'services' as a higher-level layer upon merely sending bits across the wire? Overhead? Sure! But I'd like to see you perform security, routing, and even transactions on the wire-level yourself without using Indigo. Don't want to? Keep it simple and unsafe? Good luck coming up with more fast-climbing sales graphs...
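The begin/commit pattern described above can be approximated on a POSIX file system without WinFS. The following is an added example, not code from the original post: it stages a release in its own directory, verifies it against a SHA-256 manifest, and commits by atomically renaming a symlink. The `releases/` and `current` layout, the function names and the sample files are assumptions, and the transfer itself is assumed to arrive over an already secured channel.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def manifest_of(files):
    """Sender side: relative path -> SHA-256 of the content."""
    return {rel: hashlib.sha256(data).hexdigest() for rel, data in files.items()}

def deploy(root, release_id, received, manifest):
    """Stage, verify, then commit. On failure 'current' is left untouched."""
    staging = Path(root) / "releases" / release_id
    staging.mkdir(parents=True)
    try:
        for rel, data in received.items():
            dest = (staging / rel).resolve()
            if staging.resolve() not in dest.parents:
                raise ValueError(f"path escapes staging area: {rel}")
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(data)
        on_disk = {p.relative_to(staging).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
                   for p in staging.rglob("*") if p.is_file()}
        if on_disk != manifest:
            raise ValueError("staged files do not match the manifest")
    except (OSError, ValueError):
        shutil.rmtree(staging, ignore_errors=True)  # rollback: discard the partial batch
        return False
    tmp_link = Path(root) / f".current.{release_id}"
    os.symlink(staging, tmp_link)
    # Commit: rename(2) swaps the link atomically, so readers see old or new, never a mix.
    os.replace(tmp_link, Path(root) / "current")
    return True

def demo():
    """Constructed sample data: a good release, then a transfer that dies halfway."""
    root = tempfile.mkdtemp()
    v1 = {"index.html": b"<h1>Sales are up</h1>", "img/graph.svg": b"<svg/>"}
    v2 = {"index.html": b"<h1>We are closed</h1>", "img/graph.svg": b"<svg>flat</svg>"}
    ok_v1 = deploy(root, "v1", v1, manifest_of(v1))
    partial = {"index.html": v2["index.html"]}  # second file never arrived
    ok_partial = deploy(root, "v2-try1", partial, manifest_of(v2))
    live_after_failure = (Path(root) / "current" / "index.html").read_bytes()
    ok_v2 = deploy(root, "v2", v2, manifest_of(v2))
    live_after_commit = (Path(root) / "current" / "index.html").read_bytes()
    return ok_v1, ok_partial, live_after_failure, ok_v2, live_after_commit

if __name__ == "__main__":
    print(demo())
```

The web server's document root would point at `current`; a failed or tampered upload never becomes visible because the link only moves after the whole batch has been verified.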

(*) Actually, I would like to see the whole web grow up. Starting with the slashdot community ;-) No really, the current state of the web is like a badly designed medieval castle you just keep throwing bricks at to keep it from falling down. Browsers can't keep up with modern-day web application requirements like obvious state and user management (cookies and ASP.NET viewstate being obviously working but ugly hacks), emails still disappear from my inbox all too regularly or never get there at all, RSS still having no other central distribution mechanism than being pull instead of push, TCP being a hard protocol because it tries to be reliable over an intrinsically unreliable IP-connection, ... So I'm not waiting for IPv6 really, I'd bet my money on TheWeb 2.0. (Yes, I am aware that this last remark isn't remotely realistic thank you very much. But it would be nice to have a band of modern-day architects design a whole new future-proof web though. If only for the kick of it.)

Thursday, February 26, 2004 7:55:56 AM (Romance Standard Time, UTC+01:00)
Does the WebDAV protocol support your needs? It can easily run over HTTPS. It has locking, and other features which could be made into transactions. The current Windows implementation is terrible.
Thursday, February 26, 2004 5:48:58 PM (Romance Standard Time, UTC+01:00)
Secure FTP, you say? You mean like

http://www.openssh.com/ has had for some time?

http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1 for the man page. Granted, it's still gaining some of the client features that old FTP clients have had.

Or SCP: http://www.openbsd.org/cgi-bin/man.cgi?query=scp&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html

I killed FTP a long time ago. People SCP files to the web server. No more nasty firewall rules, no more cleartext passwords flying about, and no more patching FTP daemons weekly for the invariable holes that are found.

Thursday, February 26, 2004 6:46:55 PM (Romance Standard Time, UTC+01:00)
I'm sure there are plenty of protocols like WebDAV and SSH that do the (security) trick, but as I mentioned: I want that security just to "be there" in the first place. I don't want to download and configure yet another tool for such a simple task. FTP (the client tool) comes on every box for free and with support, so I think it's time to add some modern-day requirements to it. Furthermore, most servers only support the FTP protocol; so until they're seen as the de facto standard, I'm not really looking into WebDAV, SSH and the like. (At least not for exercises of the mind such as this one :-) )

And as far as existing protocols are concerned, I wouldn't know how hard it would be in WebDAV - but transactions? I think you'll have a hard time getting that to run without support from the OS. And that's where WinFS comes into play.
Thursday, February 26, 2004 7:28:09 PM (Romance Standard Time, UTC+01:00)
With WinFS in place, I think you could fairly easily have a small application that uses the existing change control mechanisms provided by the Synchronization servers to build a site propagator (even before we have WinFS on the remote server). When you have WinFS on the remote server, you can trivially imagine the WinFS to WinFS sync service keeping things up to date out of the box.

As to whether Microsoft would replace the out of the box FTP tools, or include a web site management tool out of the box, I wouldn't know. I personally would think it was an interesting sample application.
Thursday, August 25, 2005 2:17:12 PM (Romance Standard Time, UTC+01:00)
OK seems to work now with this information
Friday, August 26, 2005 12:22:38 PM (Romance Standard Time, UTC+01:00)
Hello! I found here a plenty of useful information for myself! I will visit you soon...
All content © 2008, Jelle Druyts