ElearningWorld.org

For the online learning world

MoodleSecurityTechnical

Moodle tech tips – not using FTP

If you are a new Moodle administrator you might consider using FTP to transfer large files to the server.  Our advise is don’t do this!If you are searching around the internet to find the answer to how you can transfer large files to your Moodle server, bypassing the file upload limit set in Moodle, then you will no doubt find older articles explaining how to do this using FTP (File Transfer Protocol).

Unfortunately FTP is an old protocol now, and not really suitable for security reasons.  To explain, FTP users may authenticate themselves with a clear-text sign-in: the username and password are NOT encrypted, meaning someone could intercept them.  FTP can also connect anonymously if the server is configured to allow it (more are these days).

FTP was never designed to be a secure protocol !

For secure transmission that protect the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS).  Using SSL is much more secure, and most modern clients such as Filezilla offer this.  There are many other secure clients – including free and open source options – so check out https://en.wikipedia.org/wiki/Comparison_of_FTP_client_software#Free_and_open_source_software

SSH File Transfer Protocol (SFTP) is more often used instead; although it is quite technologically different to FTP, it does the same job in many situations.

So, the message is “Don’t use FTP to access your Moodle server, it simply does not meet the security requirements of this day and age.

Stuart Mealor
Latest posts by Stuart Mealor (see all)

Stuart Mealor

Stuart is interested in all things e-learning, with specific interests in Moodle, e-learning strategy, and business development. His experience in education over 30 years, MBA in International Business, and knowledge of e-learning systems implementation, together with graphic design background, give him a unique skill set for e-learning projects.

Add a reply or comment...