FTP & WEB

Intro
• FTP or File Transfer Protocol is a commonly used
protocol for exchanging files over any network that
supports the TCP/IP protocol (such as the Internet or an
intranet).
• There are two computers involved in an FTP transfer: a
server and a client.
• The FTP server, running FTP server software, listens on
the network for connection requests from other
computers. The client computer, running
FTP client software, initiates a connection to the server.
• Once connected, the client can do a number of file
manipulation operations (if he has the authority) such as
uploading files to the server, download files from the
server, rename or delete files on the server and so on.
 Transfer Modes
• Through FTP, any computer connected to a TCP/IP
based network can manipulate files on another computer
on that network regardless of the operating systems
involved.
• FTP is utilizes two ports, a 'data' port and a 'command'
port (also known as the control port). Traditionally these
are port 21 for the command port and port 20 for the
data port. FTP servers by default listen on port 21 for
incoming connections from FTP clients.
• Depending on the transfer mode, the data port is not
always on port 20.
• There are two types of transfer modes:
– active mode
– passive mode
 Active FTP
• In active mode FTP the client connects from a random
unprivileged port (N > 1023) to the FTP server's
command port, which is port 21.
• Then, the client starts listening on port N+1 for the server
to connect, and sends the FTP data PORT N+1 to the
FTP server.
• The server will then connect back to the client's specified
data port from its local data port, which is port 20.
• The main problem with active mode FTP actually falls on
the client side. The FTP client doesn't make the actual
connection to the data port of the server--it simply tells
the server what port it is listening on and the server
connects back to the specified port on the client.
 Passive FTP
• In order to resolve the issue of the server initiating the
connection to the client, a different method for FTP
connections was developed.
• In passive mode FTP the client initiates both connections
to the server.
• When opening an FTP connection, the client opens two
random unprivileged ports locally (N > 1023 and N+1).
• The first port contacts the server on port 21, but instead
of then issuing a PORT command and allowing the
server to connect back to its data port, the client will
issue the PASV command.
• The result of this is that the server then opens a random
unprivileged port (P > 1023) and sends the PORT
command back to the client. The client then initiates the
connection from port N+1 to port P on the server to
transfer data.
• The problem with passive FTP is many
open ports are needed on the server to
allow client connections.
• There are also client programmes which
do not support passive mode transfer.
 The objectives of FTP
1. To promote sharing of files (computer
programs and/or data).
2. To encourage indirect or implicit use of
remote computers.
3. To shield a user from variations in file
storage systems among different hosts.
4. To transfer data reliably & efficiently.
 Criticisms of FTP
1. Passwords and file contents are sent in clear text,
which can be intercepted by network sniffers.
2. Multiple TCP/IP connections are used, one for the
control connection, and one for each download,
upload, or directory listing.
3. FTP is a high latency protocol due to the number of
commands needed to initiate a transfer.
4. No integrity check on the receiver side. If transfer is
interrupted the receiver has no way to know if the
received file is complete or not. It is necessary to
manage this externally for example with MD5 sums or
cyclic redundancy checking.
5. No error detection. FTP relies on the underlying TCP
layer for error control, which uses a weak checksum by
modern standards.
 Anonymous FTP
• Usually users are asked to enter a username
and password to access an FTP site.
• Many sites that run FTP servers enable so-
called "anonymous ftp". Under this arrangement,
users do not need an account on the server. The
user name for anonymous access is typically
'anonymous' or 'ftp'. This account does not need
a password.
• So if you are ever asked to enter a password to
access a public FTP site, try anonymous.
 HTTP
• Hypertext Transfer Protocol (HTTP) is a
method used to transfer or convey information
on the World Wide Web.
• HTTP is a request/response protocol between
clients and servers. The originating client, such
as a web browser, or other end-user tool, is
referred to as the user agent. The destination
server, which stores or creates resources such
as HTML files and images, is called the origin
server.
 Connection
• An HTTP client initiates a request by
establishing a TCP connection to a particular
port on the server (port 80 by default). An HTTP
server listening on that port waits for the client to
send a request message.
• Upon receiving the request, the server sends
back a status line, such as "HTTP/1.1 200 OK",
and a message of its own, the body of the
requested file, an error message, or some other
information.
 Web server programs
basic common features
1. Response to HTTP requests:
• HTML document,
• Raw, text file, or an image
• error messages
2. Logging
• capability of logging some detailed information,
about client requests and server responses, to
log files; this allows the Webmaster to collect
statistics by running log analyzers on log files.
 Path translation
• Web servers usually translate the path component of a
Uniform Resource Locator (URL) into a local file system resource.
The URL path specified by the client is relative to the Web
server's root directory.
• Consider the following URL as it would be requested by a client:
http://www.example.com/path/file.html
• The client's Web browser will translate it into a connection to
www.example.com with the following HTTP 1.1 request:
GET /path/file.html HTTP/1.1
Host: www.example.com
• The Web server on www.example.com will append the given path
to the path of its root directory. On Unix machines, this is
commonly /var/www/htdocs. The result is the local file system
resource: /var/www/htdocs/path/file.html
• The Web server will then read the file, if it exists, and send a
response to the client's Web browser. The response will describe
the content of the file and contain the file itself.
 https
• https is a URI scheme which is syntactically identical to
the http:// scheme normally used for accessing
resources using HTTP.
• Using an https: URL indicates that HTTP is to be used,
but with a different default port (443) and an additional
encryption/authentication layer between HTTP and TCP.
• This system was designed by Netscape Communications
Corporation to provide authentication and encrypted
communication and is widely used on the World Wide
Web for security-sensitive communication such as
payment transactions and corporate logons.
• Eg. Yahoo uses https when logging to your mail
accounts.
 Webserver directory index
• When an HTTP client (generally a web browser)
requests a URL that points at just a directory
rather than at a file, within a directory the web
server will generally serve up some kind of main
or index page.
• index.html (htm)is the traditional filename for
such a page, but most modern HTTP servers
offer a configurable list of filenames for the
server to use as an index if possible.
• Others include index.php, index.shtml,
default.asp.
• http://www.example.com is technically not
a valid URL, but most modern browsers
(and webservers if the browsers do not)
will automatically correct it to
http://www.example.com/, which will result
in the serving of the index page from the
root directory of the website.
• Thus, the home page is usually index.html,
and is often called an “index page”.
 Web Server Softwares
• Apache HTTP Server – free UNIX based
• Internet Information Services (IIS) –
Microsoft Windows Server based
• Sun Java System Web Server - formerly
Sun ONE Web Server, iPlanet Web
Server, and Netscape Enterprise Server
by Sun Microsystems
 Web Browsers
• Internet Explorer – comes with Windows
• Mozilla Firefox - free
• Netscape Navigator
• Opera