Secure FTP support for maintaining the Web OPAC
Sierra currently has mixed support for Secure FTP. It is available in some parts of the application, but not others. It is available for transferring files using the File Transfer Software (FTS) product, and for sending files via the Job Scheduler. There is currently no support for Secure FTP for Web OPAC maintenance. The current system only supports using the Web Master function of the Sierra Desktop Application or using insecure FTP programs.
I'd like to suggest that Secure FTP support be added so that organizations can use it to maintain their Web OPACs.
FTP was never designed to be a secure protocol. Any files being transferred via FTP as well as the username/password used for authentication are all sent in clear, unencrypted text. This makes it easy for malicious users to eavesdrop on FTP sessions and steal passwords and files that authorized users are accessing. While FTP was popular in the 1980s and 90s, more secure options have be available since the early 2000s. As a result, security conscious organizations simply block FTP connections. The unique port requirements for FTP also make it more difficult to pass through firewalls than more secure protocols. These days asking a security conscious firewall admin to allow FTP access to Sierra is an uphill battle, assuming they don't dismiss the request outright.
Idea Value
Adding Secure FTP support for Web OPAC maintenance would benefit Sierra customers in the following ways:Primarily, improved security. Usernames, passwords and files used by staff administering the Web OPAC would be properly encrypted while in transit. This is especially important for customers whose servers are hosted by Innovative, where this information is sent over the internet instead of over a local organizational network.It would simplify the firewall requirements for Sierra, by eliminating extra ports used by FTP. Sierra uses the non-standard port 1021 for the FTP control channel, but also requires extra ports to be open, not listed in the documentation, for FTP active/passive data transfers. More secure protocols such as Secure FTP share the same port 22 already used by Admin Corner application.It would provide increased security with the Web OPAC SSL certificate management. Currently Innovative does not have a good way to securely receive private SSL keys for certificate generated outside of the provided CSR generator tool. The suggestion is to "store the private key file in a directory that Innovative staff can access or send it as a zipped attachment." But if the private key is uploaded using an insecure protocol like FTP it compromises the key file and defeats the entire purpose of using SSL / HTTPS.
Our organization does extensive customizations on our Web OPAC. We need an automatable way to upload/download the Web OPAC files in order to keep them in sync with the rest of our website. FTP is an insecure protocol that is 20 years past its due date. It is increasingly difficult to justify our use of FTP to Sierra servers to our network admins and IT departments. A more modern and secure alternative would be greatly appreciated.