This Article is nonsense, still it hits top charts
https://medium.com/@philgilligan/5-reasons-to-avoid-ftp-and-use-aws-s3-instead-7aa160708940
Why?
Here are our top five concerns about using FTP:
- Self-hosted FTP servers put all the hard work and security risk on the person or IT department hosting the server. It can be a time consuming job to keep the server operational and running efficiently.
- Standard FTP is a non-secure way to transfer data. When a file is sent via FTP, the data, username, and password are all shared in plain text, meaning a hacker can access this information with little to no effort. For your data to be secure, you need to use an enhanced version of FTP, like FTPS or SFTP.
- Encryption is not automatic. So unless you specifically encrypt your data, it can be stolen in transit, through an insecure connection at a cafe or other public WiFi hotspot, for example. And if security is compromised, all the files stored on an FTP server can be read.
- FTP can be vulnerable to attack by DDOS or brute force hacking attempts.
- FTP is not compatible with common compliance standards, such as HIPAA, ITAR, PCI-DSS, SOX, or GLBA.
Who is our?
1. Self-Hosted FTP, who said self hosted in the title? Also you can self-host a S3-compatible service, so a non-argument.
2. Standard FTP, why compare it with the most outdated insecure version of FTP whom nobody uses anymore? FTPS or SFTP are the contenders.
3. Why would you be on a insecure public hotspot anyway? SFTP is with SSH connection, so pretty secure.
4. S3 cant be bruteforced?
First Google Search
AWS S3 buckets can be be brute forced to cause financial impact against the resource owner. What makes this even riskier is that even private, locked down buckets can still trigger a potential cost, even with an “Access Denied”, while also being accessible from unauthenticated, anonymous accounts.
AWS S3 Bucket Enumeration or Brute Force – Elastic
5. I don’t know about these standards and why we need them. Only thing I know is if you think S3
