FTP/SSL secure but the HTTP part not secure?

0 votes
asked May 30, 2014 by LucyIsHerPrequel (120 points)
edited Jun 2, 2014


After reading some of the docs on how this works I seem to understand the basics of what the FTP/SSL library is doing. Connecting to an ASP page, it opens up a FTP/SSL connection with an FTP server that is exchanging an SSL certificates. So that part is secure. But you are connecting to the ASP page via a non-encrypted HTTP.

--My Question--
So the data is not encrypted between your desktop and the ASP page when it travels over the HTTP? Then from the ASP server to the FTP/SSL server the data is encrypted?

Did I read things correctly? It's the ASP hosting server that actually connects to the FTP server and passes your data through, but it not encrypted until it hits that ASP server?

Your Desktop>>>HTTP>>>ASP server>>>FTP/SSL connection>>>FTP server

Applies to: Rebex FTP/SSL

1 Answer

0 votes
answered Jun 2, 2014 by Jan Sotola (17,670 points)
edited Jun 2, 2014

Yes, it is right.

In the ASP environment, the FTP/SSL library runs on the web server (ASP hosting server) and the ASP application connects to the FTP server from there.

The FTP/SSL library cannot affect security used for communication between the web server and the web client. However, you can set up it simply by requiring the HTTPS protocol on the web server.

To clarify, I can extend your schema:

MACHINE:  |  Web client        |           Web server           |
          |                    |       = FTP/SSL client         |         FTP server
SOFTWARE: |  web browser  >>> HTTP >>>  ASP application  >>> FTP/SSL >>>  FTP server 
          |                    |     using FTP/SSL library      |         application