1. Risk

2. FXP over SSL

3. Technical

4. References

5. See also

File eXchange Protocol (FXP) and (FXSP) is a method of data transfer which uses FTP to transfer data from one remote server to another (inter-server) without routing this data through the client's connection. Conventional FTP involves a single server and a single client; all data transmission is done between these two. In the FXP session, a client maintains a standard FTP connection to two servers, and can direct either server to connect to the other to initiate a data transfer. The advantage of using FXP over FTP is evident when a high-bandwidth server demands resources from another high-bandwidth server, but only a low-bandwidth client, such as a network administrator working away from location, has the authority to access the resources on both servers.

Risk

Enabling FXP support can make a server vulnerable to an exploit known as FTP bounce. As a result of this, FTP server software often has FXP disabled by default. Some sites restricted IP addresses to trusted sites to limit this risk.

FXP over SSL

Some FTP Servers such as glFTPd, cuftpd, RaidenFTPD, drftpd, and wzdftpd support negotiation of a secure data channel between two servers using either of the FTP protocol extension commands; CPSV or SSCN. This normally works by the client issuing CPSV in lieu of the PASV command—or by sending SSCN prior to PASV transfers—which instructs the server to create either a SSL or TLS connection. However, both methods—CPSV and SSCN—may be susceptible to man-in-the-middle attacks, if the two FTP servers do not verify each other's SSL certificates. SSCN was first introduced by RaidenFTPD and SmartFTP in 2003 and has been widely{{Citation needed|date=July 2010}} adopted.{{When|date=July 2010}}

Technical

Although FXP is often considered a distinct protocol, it is in fact merely an extension of the FTP protocol and is specified in {{IETF RFC|959}}:

         User-PI - Server A  (Dest)              User-PI - Server B  (Source)         ------------------                      ------------------                 C->A : Connect                          C->B : Connect         C->A : PASV         A->C : 227 Entering Passive Mode. A1,A2,A3,A4,a1,a2                                                 C->B : PORT A1,A2,A3,A4,a1,a2                                                 B->C : 200 Okay         C->A : STOR                             C->B : RETR

References

This "protocol" is standardized as a subset of RFC 959 by the IETF as:

• {{IETF RFC|959}} File Transfer Protocol (FTP). J. Postel, J. Reynolds. Oct-1985. This obsoleted the preceding {{IETF RFC|765}} and earlier FTP RFCs back to the original {{IETF RFC|114}}.

See also

• File Transfer Protocol (FTP)
• Comparison of FTP client software
• List of FTP server software
• Trivial File Transfer Protocol (TFTP)
• SSH file transfer protocol (sftp), a protocol running over SSH
• FTPS (FTPS), FTP run over SSL
• Simple File Transfer Protocol (SFTP), the historical protocol {{IETF RFC|913}}

• James Enstrom
• James Entwistle
• James E. Nugent
• James Enyon
• James E. O'Neill Jr.
• James E. Paxton
• James E. Pepper
• James E. Pike
• James E. Plew
• James E. Post
• James E Powers
• James E. Powers
• James E. Purdy
• James E. Putnam
• James E. Quibell
• James E. Ramsey
• James Erasmus Tracey Phillips
• James Eric Cable
• James Erik Johnson
• James Ernest Elder Wills
• James Ernest Ogden
• James Ernest Spencer
• James & Ernie
• James E. Rogers Jr.
• James Erskine, 14th Earl of Mar