Skip to main content

FTP Publishing and the Security Challenge

FTP Publishing, as a way of letting us publish blogs to non BlogSpot URLs, presents many challenges - both to us, and to Blogger. I've written, repeatedly, about the stability and the support, issues. There's a third issue - security - which has several interesting details.

One of the reasons why FTP Publishing is a major challenge for everybody is that there are 3 parties involved in the process - you (the bloggers), Blogger (Blogger Support), and your host server (the host server support staff). Each of the 3 parties has to protect itself, because each of the 3 parties is at risk from the FTP publishing process.
  • You connect your computer to Blogger , and the Blogger FTP publishing server ("publisher"). And you connect your computer to the remote host. That's two sets of computers that you don't own, or control. And that's two sets of risks.
  • Blogger connects its computers to yours (permits you to connect to theirs), and they connect their computer (FTP "publisher") to your remote host (as well as to thousands of other remote host servers). Again, two sets of risks.
  • Your host server has to accept a connection from the Blogger publisher, as well as dozens of other computers used by you, and by others of their customers, like you.
  • With Blogger blogs published to BlogSpot, or to a Google server, Google can monitor content, and verify that it's not in violation of Blogger / Google TOS. With Blogger blogs published by FTP to an external server, this is not true. It's a trivial matter to publish non Blogger content on a web site that accepts FTP published content.


Any computer, directly connected to the Internet, exposes itself to immense security risks. Anybody with a computer connects their computer to the Internet through a firewall. In order to connect to any computer through the Internet, a hole has to be made through the firewall.

When Blogger connects their computer to your host server, they open a small hole in their firewall, and require that your host server open a bigger hole in theirs. PASV FTP, which is the way Blogger connects to your host server, requires a small security risk at the client end (Blogger), and a larger security risk at the server end (your host server). Not all host server support staff are willing to make the necessary security changes required. Some negotiation is required, when setting up FTP Publishing, from time to time.

>> Top

Comments

Popular posts from this blog

What's The URL Of My Blog?

We see the plea for help, periodicallyI need the URL of my blog, so I can give it to my friends. Help!Who's buried in Grant's Tomb, after all?No Chuck, be polite.OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".

Leave Comments Here

Like any blogger, I appreciate polite comments, when they are relevant to the blog, and posted to the relevant article in the right blog. If you want to ask me a question thats relevant to blogging, but you can't find the right post to start with (I haven't written about everything blogger related, yet, nor the way things are going I don't expect to either), ask your questions here, or leave an entry in my guestbook.

As noted above, please note my commenting policy. If you post a comment to this post, I will probably treat it as a "Contact Me" post. If you have an issue that's relevant to any technical issue in the blog, please leave a comment on the specific post, not here. This post is for general comments, and for non posted contact to me.

If the form below does not work for you, check your third party cookies setting!

For actual technical issues, note that peer support in Blogger Help Forum: Something Is Broken, or Nitecruzr Dot Net - Blogging is, almos…

What Is "ghs.google.com" vs. "ghs.googlehosted.com"?

With Google Domains registered custom domains becoming more normal, we are seeing one odd attention to detail, expressed as confusion in Blogger Help Forum: Learn More About Blogger.My website uses "ghs.google.com" - am I supposed to use "ghs.googlehosted.com", instead?It's good to be attentive to detail, particularly with custom domain publishing. This is one detail that may not require immediate attention, however.