MIT

Web Guide is no longer being maintained and the information on this page may be out of date. For assistance with managing course materials, please visit MIT's Stellar course management system.

Academic Web Page Creation Guide


Publishing Your Pages > Transferring Files

Transferring Files to a Web Site

The term "file transfer" refers to the process of copying files between your own computer (or disk) and another computer (or file server). For example, a Web author may create pages on a Mac or PC and then transfer or "upload" them to the Athena locker which houses the Web site. File transfers are often referred to in terms of "uploading" (from your "local" system to another "remote" system) or "downloading" (the reverse process, copying files from remote to local).

If you are not familiar with this process or are new to Web publishing in the MIT environment, the diagrams in the Overview section may help. If you are not familiar with the structure of a typical course locker or the correspondence between URLs and Athena (AFS) directory paths, see the section on Using an Athena Course Locker for Your Web Site. (Each of these links should open in a separate browser window so you can continue reading this page; if they don't, use your browser's Back button to return here).

On this page:

Step-by-step instructions

Before you begin, you should be aware that many common methods of file transfer are insecure (i.e., they send your password over the network in the clear, without any protection). To avoid compromising your account, machines you access remotely, and MITnet as a whole, you should be sure that you understand the section below on security considerations.

Fall 2002 update: Plop and WS-FTP for Windows and Fetch version 3.0.4b6sec for Mac are slated for de-support on December 31, 2002. Instead, IS recommends FileZilla for Windows and Fetch 4.0.2 for Mac. The information on this page covers other various options currently available and may seem overly complicated; please don't hesitate to contact us if you're confused or see the Secure File Transfer at MIT page for more information.

Common settings for all platforms

Some applications allow you to save some of this information so that you won't have to retype it for each file transfer session. (For example, you may be able to create a configuration containing your name and the path to your locker's Web directory.)
host, hostname, or server name
Name of the machine to which you are connecting. For Athena: ftp.dialup.mit.edu
path or remote directory
Path to the directory which you want to access; for an Athena course locker, you need the full AFS path. For example, to upload to the 29.123 www directory, you would use: /afs/athena.mit.edu/course/29/29.123/www
username
Your Athena username (aka Kerberos principal or MITnet ID). If you do not have an account yet, see How to Register for an Athena Account or contact Athena User Accounts at x3-1325.
password
Before you type your password, see the information on secure file transfer methods.
file type or transfer type
This tells the program whether to transfer the file in text or binary mode; the wrong transfer type will cause the file to be corrupted. Some programs may try to autodetect file type, but it's usually best to set it explicitly. Use text or ascii for plain text (including HTML), PostScript, and PDF files. Use binary or raw for all other types (including images).

Windows file transfer methods

As noted above, the two following utilities are slated for de-support on December 31, 2002 but are listed here for user's convenience.

Mac file transfer methods

Unix file transfer methods

File transfer vs. file management

File transfer programs generally allow you to do two basic tasks on a remote system: add a new file, or replace a file already there with one of the same name. When uploading a file, you should exercise some caution, as many programs will not warn you before overwriting an existing file of the same name. For example, if you want to replace the file /mit/29.123/www/exams/index.html but try to upload the new index.html to the directory /mit/29.123/www (instead of to /mit/29.123/www/exams), you'd end up overwriting the top-level page /mit/29.123/www/index.html.

Some programs allow you to do other types of file management (such as removing, renaming, or moving files, or manipulating directories), but there are cases in which you may need direct access to the remote system. For example, if your site is housed in an Athena locker and you want to check the quota (how much disk space you have) and delete some files in order to make room for more, you would log in to Athena and use Athena commands to accomplish these tasks. In general, Web file management on Athena lockers is a two-step process:

  1. Use an Athena workstation, or login to Athena remotely with a program such as SSH (SecureCRT for Windows) or kerberized telnet (HostExplorer for Windows, BetterTelnet (formerly NCSA Telnet) for Mac).
  2. Use Athena commands for web publishing.

Security considerations

There are several different ways of transferring files; an important distinction is whether or not each method is secure. Regular FTP programs and file transfer features within Web-publishing applications send your password over the network in the clear, which poses a serious security risk. (This is the same basic problem as with insecure telnet but on a larger scale: your password may be exposed not only when you first connect but again with each file transferred during that session.)

Among the security breaches which have been posed from within and outside MIT are snoopers who use "packet sniffing" tools, which are widely available and impossible to detect. These tools let snoopers capture cleartext userids, passwords, and other data transmitted across a network, which they can then use to gain access to individual accounts and the network as a whole. Incidents of this kind are not at all rare, and it is up to all of us do our part in preventing them by protecting our MITnet passwords.

The table below summarizes security levels of different methods, and available alternatives. For more information, see the ACS Notes on Secure File Transfer and IS page on Secure File Transfer at MIT.

Fall 2002 update: Starting very soon, MIT will no longer allow insecure connections to the dialup servers.

Method Secure? Safer alternative?
Standard FTP (e.g. WS_FTP on Windows, old Fetch**** on a Mac, or Unix ftp) no Kerberized FTP if available, or change password for FTP session* (don't use program's "save my password" option**)
File transfer features within an HTML editor or other Web-preparation software (usually labelled something like "upload/download" "publish" or "site maintenance") no change password for duration of file transfer*
don't use program's "save my password" option**
Reverse ftp (through Kerberized Telnet for Mac) semi*** change password for duration of ftp session*
kermit with Kerberized HostExplorer for Windows yes  
Kerberized FTP (e.g. FileZilla for Windows, Fetch for Mac) yes  
File transfer features in SSH (Secure Shell) yes  
FTP through an encrypted SSH channel yes  

* If you must use an insecure file transfer method, there is one thing you can do to reduce the risk of a security compromise: change your password after the file transfer. (That way, if anyone does intercept your session, the password they get will only be valid until you complete the session and change it.) If you want to keep your original password, you can change your password before starting the file transfer, and then change it back again to the original once you're done.

** Some programs include an option to save or "remember your password; you should not use this -- especially for your Athena password -- as it would allow someone else to sit down at your machine and use your identity to copy files or make other changes.

*** This is called "reverse FTP" because you are setting up an FTP server on your Mac and connecting to that from your (secure) telnet client, rather than connecting to an Athena FTP server with an FTP client program like Fetch. It is reasonably secure as long as you:

**** prior to 3.0.4b6