Mozilla phasing out FTP

IMO

If I had a crystal ball or I was a Genie and foretold the future, I don't see FTP in the future for game environments. The way it sits in my head is SAAS 'Software As A Service'. I think they, N3V, are on the fast track towards this end.

Again IMO... In about 4 years the DLS may start to phase out. The TCCP may become the portal for freeware also, everything will have to go through the new interface... I keep checking if you can buy stock, but N3V Games is a privately held and an independent games developer.

I can see 3rd party developers utilizing their own server space to offer FTP downloads when this happens, and could be a money maker for a few years after that point to a couple of competitors. What a business model.
 
Thanks for the heads up.

Too bad since the FTP on the DLS was helpful for downloading content when CM won't download the DLS item...

Cheers
 
Another browser soon to not offer FTP. I hope N3V is planning to upgrade the DLS download process! https://www.zdnet.com/article/mozil...61589348395194469&mid=13336791&cid=1453526910

Here's the actual info from Mozilla, https://blog.mozilla.org/addons/202...r-the-upcoming-deprecation-of-ftp-in-firefox/

All the other main browsers have already blocked it. Probably won't affect CM or Manage Content yet as they do not use browsers, however may be a problem if ISPs block FTP which has happened with some.
 
Guess we're going back to the old days then of using a third party application for FTP downloading - I think I still have one such program on an old demo disc that came with an ancient PC magazine on my shelf, although whether it would even still run under modern Windows (I got it back in the Win 98 days, and it did still work under Win XP, but that was the last time I used it, so whether it would run in Vista/7/8/10 is unclear). Still disappointing to hear though. :(
 
Any FTP client works just fine with the DLS. Just use sftp protocol if you can as it is more secure.

FTP in a browser was always a kludge anyway, left over from the very beginning of the web when Tim Berners-Lee envisioned webpages as being interactive whiteboards for users to collaborate with each other. There is a very common exploit that can be run using ftp in a browser to compromise a server if the server admin isn't careful.

William
 
Just tested WinSCP with Chrome Edge works fine for downloading as FTP. Firefox from v90 and presumably the others such as Chrome etc will now pass off FTP requests to whatever FTP client you have installed.
 
I was going to ask if Filezilla or some other FTP client worked. Thanks for beating me to it.

It's a shame that the mainstream is removing a very useful protocol. What's insecure about it? If the service is properly configured, the service can be set to read-only for clients so nothing can be uploaded to it.
 
Last edited:
I was going to ask if Filezilla or some other FTP client worked. Thanks for beating me to it.

It's a shame that the mainstream is removing a very useful protocol. What's insecure about it? If the service is properly configured, the service can be set to read-only for clients so nothing can be uploaded to it.


In very general terms, a user on a server can upload a script to their user directory. If they run the script there it runs under their user name so it can only effect files they own. But if they call the script through a browser using the ftp protocol it runs under the web daemon which has much more extensive rights since it has to answer requests for files from every user directory. You're right, a good admin can block this sort of behavior but we live in a world of virtual servers that by default are not locked down that tightly and the people running them don't know better. It is a script kiddie exploit but sadly it works far too often.

William

PS, Http and https both support file downloads using the GET command so web designers can offer files that way from their webserver rather than starting up a ftp daemon to download files. This has been possible since html 4 was introduced. Of course, I think the code of the DLS site predates that time.
 
Last edited:
Guess we're going back to the old days then of using a third party application for FTP downloading - I think I still have one such program on an old demo disc that came with an ancient PC magazine on my shelf, although whether it would even still run under modern Windows (I got it back in the Win 98 days, and it did still work under Win XP, but that was the last time I used it, so whether it would run in Vista/7/8/10 is unclear). Still disappointing to hear though. :(

I have a small file saver from WINDOWS ME era that runs under "10". Might be worth the effort for you to exhume it.;)
 
Chances are that anything newer than XP won't be able to read the CD/DVD format. I have that problem with old CDs. Win 7 just can't read the disc. FileZilla is free and a very nice program.

William
 
In very general terms, a user on a server can upload a script to their user directory. If they run the script there it runs under their user name so it can only effect files they own. But if they call the script through a browser using the ftp protocol it runs under the web daemon which has much more extensive rights since it has to answer requests for files from every user directory. You're right, a good admin can block this sort of behavior but we live in a world of virtual servers that by default are not locked down that tightly and the people running them don't know better. It is a script kiddie exploit but sadly it works far too often.

William

PS, Http and https both support file downloads using the GET command so web designers can offer files that way from their webserver rather than starting up a ftp daemon to download files. This has been possible since html 4 was introduced. Of course, I think the code of the DLS site predates that time.

That makes sense to me. And what you said about defaults seems to be a big issue for a lot of security problems these days with a lot more things.

I worked in the IT world and supported a very small FTP server running on Solaris 9 company use only. Along with the Solaris Admin, we locked that thing down pretty tightly, but we still saw hits all the time from various individuals attempting to break in and use it for other purposes and that was back in the early 2000s.
 
Back
Top