Does FTP provide any type of integrity?
No, FTP does not include integrity protection as a feature of the protocol. You can use SFTP which runs over SSH and does have built-in integrity checks (scp
is another option that uses SSH).
You can roll your own integrity protection by manually comparing a checksum calculated locally with one calculated either on the remote host itself or by the origin client who uploaded it. MD5 is a typical choice, and you can calculate the MD5 checksum by running openssl md5 <file>
on most Unix-like systems.
If you can't use SSH, hopefully that means you have no remote shell access at all. If that is true, then you would need to compute the checksum prior to uploading the file, then store it somewhere (e.g. md5.txt
) for future reference. That assumes that you are the one uploading the files which may not be the case.
There is an IETF Draft which defines a new HASH
command for FTP, to address these sorts of needs. Some FTP servers have support for HASH
, as well as some of the earlier commands of this sort, e.g. XCRC
, XMD5
, XSHA1
, etc. And some FTP clients, such as SmartFTP, use these commands when available.