Originally posted by: kamper
Originally posted by: halfadder
Meh, ftp is insecure. You're on a Mac, may as well use SSH/SCP/SFTP, it's already installed.
There's nothing wrong with ftp if you're just doing anonymous downloading. Except maybe that http is often more convenient...
Even then you can run into problems. Anonymous downloading can be potentionally dangerious unless it's setup correctly, although most ftp servers will probably ship with sane defaults nowadays.
With FTP in Linux it is very nice because you can use it to execute commands and such... Like you can pipe the output into tarball and save that on you local computer and visa versa. These things aren't well know by most ftp users, but are cool when you need to grab or upload directories and such. But it can also cause serious problems.
scp and sftp are much much nicer, especially if your only dealing with a handfull of users that you trust enough to give shell access to. Since ssh is secure shell, for users you have to give shell access to retreive stuff. It's not that different from FTP in certain aspects, although it's much much much more secure.
Otherwise if you don't want to setup shell access then you can use a chroot environment for sftp and eclude everything else. Also you can use rssh or scponly, which do pretty much the same thing but more transparently to the administrator. The downsides for that is that they run with setuid permissions to root in order to take advantage of the chroot stuff. So still you have to trust the users somewhat and be on top of things.
With apache you have a 2gig limit on file sizes. It's probably not smart to put huge files on http anyways.
So in conclusion this is what I feel...
For small amount of users that are trusted with any file sizes.:
ssh/sftp/scp
For small amount of semi-non-trusted users (as in normal users) with any file sizes:
rssh/scponly
That's pretty nice because everything is encrypted. Ssh has strong authentication methods besides just passwords. (public/private keypair and kerberos support) So it's good for sensitive items.
For a large amount of users with small file sizes:
Apache/Http
You could use ssl for more security and PKI infrastructure.
For a large amount of users with large files:
bittorrent
You can use encrypted files and have a secure method of distributing passwords if your worred about that sort of thing with bittorrent, or most anything.