Stories
Slash Boxes
Comments

SoylentNews is people

Google Plans To Deprecate FTP URL Support In Chrome

posted by janrinok on Monday August 19 2019, @01:55PM   Printer-friendly
from the left-to-rot dept.

Arthur T Knackerbracket has found the following story:

Currently people can access FTP list and download resources hosted on FTP servers in Chrome through FTP URLs, but this may not work anymore in the near future. In a post published by Chrome engineers, there is a plan to deprecate FTP support in Chrome version 82.

The major motivation for this deprecation is that Chrome doesn't have an encrypted FTP connection support(FTPs), this raises security risk of downloading resources over FTP. Since users can access FTP URLs and download resources, there is no encryption of the data which indicates any sensitive information would be exposed to middle man attack. There are other vulnerabilities as well. 

[...] The deprecation will start from Chrome version 82 planned to be released in 2020 Q2.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Google Plans To Deprecate FTP URL Support In Chrome | Log In/Create an Account | Top | 37 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by theluggage on Monday August 19 2019, @04:36PM

    by theluggage (1797) on Monday August 19 2019, @04:36PM (#882203)

    Of Google's recent decisions...

    "Chrome say HTTPS good HTTP bad!": stupid. Result: lots of demand for free and easier-to-obtain certificates, blind faith in the Holy Padlock (clue: bad guys can get https certs too!) and/or training people to ignore "not secure" warnings - major risks to balance against a pretty limited resilience to snooping/injection (your ISP/employer/rogue hotspot operator probably forced you to install a cert for their proxy anyway). If you can't validate the identity of the server then encryption is as much use as a steel door on a tent.

    Depreciating extended validation: stupid. If nobody is using or checking it - promote it so that they do - nobody taking payments or collecting other sensitive data should be relying on regular certificates that only prove that whoever runs 'bankofarnerica.com' has root. Oh, and stop making it more and more difficult to actually view a certificate to see who it was issued to.

    "Removing FTP": Yawn. ftp:// made sense in the good old days when there were endless treasure troves buried in anon FTP servers, but its 2019 and if you can't work out how to install and use a proper FTP client (and haven't switched to FTPS or sftp) then you probably don't need FTP.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3