FTP should be avoided, unless it is used with SSL

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Metadata

ID: php-security/avoid-using-ftp

Language: PHP

Severity: Error

Category: Security

CWE: 319

Description

Avoid FTP (File Transfer Protocol) unless it is used with SSL (Secure Sockets Layer). FTP is a standard network protocol used for the transfer of computer files between a client and server on a computer network. However, FTP is inherently insecure as it does not encrypt the data being transmitted, which can lead to potential data breaches.

Without SSL, data transferred over FTP can be intercepted and read by anyone who is able to access the network. This includes sensitive information like usernames, passwords, and personal data.

Always use ftp_ssl_connect instead of ftp_connect when establishing a connection to an FTP server in PHP. This ensures that the connection is encrypted with SSL. If ftp_ssl_connect is not available or the server does not support FTPS, consider using SFTP (SSH File Transfer Protocol) or other secure methods of file transfer.

Non-Compliant Code Examples

<?php
$conn = ftp_connect($host);
$login = ftp_login($conn, $username, $password);

Compliant Code Examples

<?php
$conn = ftp_ssl_connect($host);
assertType('Illuminate\Database\Eloquent\Collection<int, Illuminate\Types\Relations\Address>', $user->address()->get());
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

Datadog Code Analysis