File eXchange Protocol
   HOME

TheInfoList



OR:

File eXchange Protocol (FXP or FXSP) is a method of data transfer which uses
FTP The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data ...
to transfer data from one remote server to another (
inter-server In computer network protocol design, inter-server communication is an extension of the client–server model in which data are exchanged directly between servers. In some fields server-to-server (S2S) is used as an alternative, and the term ''int ...
) without routing this data through the client's connection. Conventional FTP involves a single
server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...
and a single
client Client(s) or The Client may refer to: * Client (business) * Client (computing), hardware or software that accesses a remote service on another computer * Customer or client, a recipient of goods or services in return for monetary or other valuabl ...
; all data transmission is done between these two. In the FXP session, a client maintains a standard FTP connection to two servers, and can direct either server to connect to the other to initiate a data transfer. The advantage of using FXP over FTP is evident when a high-bandwidth server demands resources from another high-bandwidth server, but only a low-bandwidth client, such as a network administrator working away from location, has the authority to access the resources on both servers.


Risk

Enabling FXP support can make a server vulnerable to an
exploit Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably. Exploit can mean: *Exploitation of natural resources *Exploit (computer security) * Video game exploit *Exploitat ...
known as FTP bounce. As a result of this, FTP server software often has FXP disabled by default. Some sites restrict IP addresses to trusted sites to limit this risk.


FXP over SSL

Some FTP Servers such as glFTPd, cuftpd, RaidenFTPD, drftpd, and wzdftpd support negotiation of a secure data channel between two servers using either of the FTP protocol extension commands; CPSV or SSCN. This normally works by the client issuing CPSV in lieu of the PASV command—or by sending SSCN prior to PASV transfers—which instructs the server to create either a SSL or TLS connection. However, both methods—CPSV and SSCN—may be susceptible to
man-in-the-middle attack In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) ...
s, if the two FTP servers do not verify each other's SSL certificates. SSCN was first introduced by RaidenFTPD and
SmartFTP SmartFTP is a network file transfer program for Microsoft Windows that supports file transfer via FTP, FTPS, SFTP, WebDAV, Amazon S3, Google Drive, Microsoft OneDrive, Box, Google Cloud Storage and Backblaze B2 protocols. It supports SSL/TLS, ...
in 2003 and has been widely adopted.


Technical

Although FXP is often considered a distinct protocol, it is in fact merely an extension of the FTP protocol and is specified in : User-PI - Server A (Dest) User-PI - Server B (Source) ------------------ ------------------ C->A : Connect C->B : Connect C->A : PASV A->C : 227 Entering Passive Mode. A1,A2,A3,A4,a1,a2 C->B : PORT A1,A2,A3,A4,a1,a2 B->C : 200 Okay C->A : STOR C->B : RETR B->A : Connect to HOST-A, PORT-a


References

This "protocol" is
standardized Standardization or standardisation is the process of implementing and developing technical standards based on the consensus of different parties that include firms, users, interest groups, standards organizations and governments. Standardization ...
as a subset of
RFC RFC may refer to: Computing * Request for Comments, a memorandum on Internet standards * Request for change, change management * Remote Function Call, in SAP computer systems * Rhye's and Fall of Civilization, a modification for Sid Meier's Civ ...
959 by the
IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and a ...
as: * File Transfer Protocol (FTP). J. Postel, J. Reynolds. Oct-1985. This obsoleted the preceding and earlier FTP RFCs back to the original .


See also

*
File Transfer Protocol The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and dat ...
(FTP) *
Comparison of FTP client software The following tables compare general and technical information for a number of File Transfer Protocol (FTP) clients. Unless otherwise specified in footnotes, comparisons are based on the stable versions without any add-ons, extensions, or extern ...
*
List of FTP server software Graphical Console/terminal-based Libraries Summary board Graphical UI based FTP Servers Terminal/Console based FTP Servers See also * File Transfer Protocol, File Transfer Protocol (FTP) * Comparison of FTP client software * ...
*
Trivial File Transfer Protocol Trivial File Transfer Protocol (TFTP) is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area networ ...
(TFTP) * SSH file transfer protocol (sftp), a protocol running over
SSH The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. SSH applications are based on ...
*
FTPS FTPS (also known as FTP-SSL and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer (SSL, which is now prohibited by RFC75 ...
(FTPS), FTP run over SSL *
Simple File Transfer Protocol The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data ...
(SFTP), the historical protocol {{IETF RFC, 913 Internet protocols ru:FTP#FXP