Recommended Posts

I need to work on getting call recordings from third party location to our SFTP servers. They gave us two options. 

 

1. They push them automatically to us. They can only send them in FTP format but not SFTP format. I don't know if this a problem or not so let me know. 

 

2. If FTP is a problem then the other way they can do it is set up an FTP server on their side that we can access and pull records to our SFTP server. 

 

Let me know which of the options we would like to go with so that we can proceed with it.

 

If we pull recordings from their FTP server to our SFTP server, Will it be secure? 

 

TIA !! 

Link to comment
https://www.neowin.net/forum/topic/1224287-transfer-files-from-ftp-to-sftp/
Share on other sites

It doesn't matter if they push it via FTP to you or you pull it via FTP from you SFTP server.  It is still going to be FTP. 

 

If they won't support SFTP, they may be able to do FTPS, which still uses the FTP protocol, but adds a layer of encryption. SFTP is a different protocol altogether, generally utilizing SSH. 

 

http://www.jscape.com/blog/bid/75602/Understanding-Key-Differences-Between-FTP-FTPS-and-SFTP

 

http://www.differencebetween.net/technology/internet/difference-between-ftp-and-sftp/

Thanks Eddie, Is there any mechanism such that the data can be transferred or pulled from  FTP > SFTP maintaining the security of data during communication (without FTPS).  I am not comfortable with hosting an FTP server at my end because it may be vulnerable to our Production environment. 

 

If they setup FTPS, then what complication can we have pulling data from their end?

 

TIA ... 

If you have an SFTP server setup, all they need is an SFTP client, those can be had for free and it really should be that different from their perspective. I'd question as to what the problem is in using SFTP on their end and try to get a specific reason.

Without using FTPS or SFTP, your data won't be encrypted.

 

I agree with heatlessun, if they are unwilling to install a SFTP client, I would seriously question how secure they are to begin with. 

 

If the FTP server is on their side, and FTP client on your side, other than the data not being encrypted, I don't think it'll pose any serious security risks to your server.

If they setup FTPS (FTP over SSL), and we setup FTP (without SSL) or FTP client at our end, I think the communication will be in encrypted manner, Am I right?

 

Now eventually all our recordings are on SFTP server which users listen via Salesforce.  So can FTP client Or FTP at our end simply pass the data it receives to SFTP server? 

Or is there any such mechanism available?

 

Thanks !! 

If you're running a FTPS server you can mandate encryption so that any (good) FTP client will use encryption. SFTP always uses encryption so it's not a problem there.

Now if the client is on your end and you're pulling data from their servers then they'll need to enable FTPS, if they won't or can't then SFTP is your only option (And if that doesn't work, then you're out of uck)

Thanks for answering my query ... !!

Assuming they enabled FTPS. Now I want to move data from FTP client at our end to SFTP server at our end. So can FTP client Or FTP at our end simply pass the data it receives to SFTP server? OR is there any such mechanism available? OR we need to manually copy the data over to SFTP server via some script?

 

TIA !!! 

"They gave us two options. "

Wrong Answer -- As stated already, sftp is secure, ftp is not - have them sftp it. Why is this your problem, sounds like a problem for the 3rd party.

You send me those files, I have sftp server - create your public key and send it to me so that you can auth should be your only option to them!! Because you do not allow password auth since it less secure that public key auth.

As stated there are sftp client for every OS they could be running, many free - others a couple of bucks.. This really should be the end of the conversation.

Also the files should be encrypted before sending in the first place, so uploading them to an ftp server shouldn't be an issue - but good luck getting them to encrypt the files if they can not even send it sftp ;)

This topic is now closed to further replies.