WS_FTP can be configured to verify file transfer integrity with algorithms that guarantee files are transferred without being tampered with between the source and destination locations.
This chapter provides an overview of the File Transfer Integrity feature and describes how to use it within WS_FTP.
If supported by the FTP server, WS_FTP can perform a file integrity check on all transferred files. As part of the last step of the transfer, both the FTP client and the FTP server perform a cryptographic hash of the transferred file. If the values agree, both sides "know" that the file transferred is completely identical to the original. The results of the file checks are displayed in the WS_FTP log.
Because this feature detects data modification, connection hijacking attacks (when an attacker reads, inserts, or modifies files in transit) can be detected in file transfers.
So how does file transfer integrity work?
First, file transfer integrity is enabled on a site-by-site basis by selecting the Check Transfer Integrity option in the Site Options > Transfer dialog.
Once enabled for a site, the type of integrity checking done is controlled by the Program Options > File Integrity dialog. WS_FTP will use all the file integrity algorithms that are selected, in the order they are displayed, to check a file after transferring. For each algorithm, WS_FTP will check the response from the server to see if the server supports it (using the FEAT command). If the server returns an error (usually “500 command not supported”), WS_FTP will try the next algorithm, and remember the ones that the server does not support. Support of a particular file integrity algorithm can be checked by looking for errors in the Connection Log after a file transfer.
WS_FTP will send the following commands to the server for integrity checking: XCRC, XMD5, XSHA1, XSHA256, XSHA512, and XSHA384. Although none of these commands have the weight of Internet standards, one or more of these commands are supported by most of the servers that support integrity checking.
If no file integrity algorithms are supported by the server, then, as a last resort, if the Use size comparison in Transfer Integrity Checking option is selected, WS_FTP will check the size of the recently transferred file by sending the SIZE command to the remote server. If the server supports the SIZE command (and not all servers do), WS_FTP will compare the value returned from the server with the size of the local file. Although this is not a guarantee of file integrity, it is a minimum check that the correct number of bytes were transferred.
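The negotiation and fallback described above can be sketched as follows. This is an added example, not WS_FTP's own code. It assumes that the server answers a hash command with "250 <hex digest>" as the last token of the reply, that support is probed by sending the command itself rather than by parsing FEAT, and that algorithms are tried strongest first; `verify_transfer` and `FakeServer` are hypothetical names, and `FakeServer` is a constructed stand-in for an `ftplib.FTP` connection.

```python
import ftplib
import hashlib
import zlib

# Command names come from the list above. The "250 <hex digest>" reply format
# is an assumption: these commands are not Internet standards.
DIGESTS = {
    "XSHA512": lambda b: hashlib.sha512(b).hexdigest(),
    "XSHA384": lambda b: hashlib.sha384(b).hexdigest(),
    "XSHA256": lambda b: hashlib.sha256(b).hexdigest(),
    "XSHA1": lambda b: hashlib.sha1(b).hexdigest(),
    "XMD5": lambda b: hashlib.md5(b).hexdigest(),
    "XCRC": lambda b: format(zlib.crc32(b) & 0xFFFFFFFF, "08x"),
}

def verify_transfer(ftp, remote_name, local_bytes, order=tuple(DIGESTS),
                    unsupported=None, size_fallback=True):
    """Return (method, ok); method is None when the server offers no usable check."""
    unsupported = set() if unsupported is None else unsupported
    for cmd in order:
        if cmd in unsupported:
            continue                      # server already rejected this command
        try:
            reply = ftp.sendcmd(f"{cmd} {remote_name}")
        except ftplib.error_perm:         # 5xx, e.g. "500 command not supported"
            unsupported.add(cmd)          # remember it for later transfers
            continue
        remote = reply.split()[-1].lower()
        return cmd, remote == DIGESTS[cmd](local_bytes)
    if size_fallback:                     # last resort: byte count only
        try:
            reply = ftp.sendcmd(f"SIZE {remote_name}")   # "213 <bytes>"
            return "SIZE", int(reply.split()[1]) == len(local_bytes)
        except (ftplib.error_perm, IndexError, ValueError):
            pass
    return None, False

class FakeServer:
    """Constructed stand-in for ftplib.FTP holding one stored file."""
    def __init__(self, stored, supported):
        self.stored, self.supported, self.seen = stored, supported, []
    def sendcmd(self, line):
        cmd = line.split()[0]
        self.seen.append(cmd)
        if cmd not in self.supported:
            raise ftplib.error_perm("500 command not supported")
        if cmd == "SIZE":
            return f"213 {len(self.stored)}"
        return "250 " + DIGESTS[cmd](self.stored).upper()
```

Passing the same `unsupported` set across transfers reproduces the "remember the ones that the server does not support" behaviour. A modification that keeps the byte count unchanged passes the SIZE fallback but fails any of the hash commands.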
The algorithm strength also impacts the time it takes to verify file integrity. The higher the algorithm strength, the longer the transfer verification takes.