Why SFTP Beats FTP: Secure File Transfer for Java Projects
Learn why SFTP, built on SSH, offers encrypted, authenticated file transfers unlike plain FTP, and how Java developers can securely integrate SFTP using libraries like JSch, with practical comparisons, usage scenarios, and a visual illustration of protocol differences.
In my past development experience, I have often encountered file transfer requirements, such as business reports, invoices, and other documents that need to be exchanged with partners.
Log archiving and image material upload;
Daily scheduled upload of reports to a third party;
A third party pushes files to our server for parsing and processing.
These needs can be implemented in many ways, for example via HTTP download, email attachments, or SFTP. This article focuses on the SFTP protocol.
“Every day we need to upload sales reports to the client’s server, and they automatically pull them each morning.”
Initially, Xiao Li, an IT staff member, searched for a solution and found the classic FTP protocol. He quickly configured an upload program and thought the problem was solved.
Report File Leakage
“Why are the files we uploaded appearing on other platforms? Did we leak them?”
Confused, Xiao Li realized the issue was that FTP transmits data in clear text. A senior colleague pointed out that using FTP is like a courier shouting the contents of the package while walking down the street, allowing anyone to see the data.
FTP = Delivery Guy
Does not seal the package;
Shouts the content while walking;
Anyone on the road can peek.
Consequently, passwords and files are exposed to potential attackers.
SFTP = Agent with Sunglasses
Wears sunglasses and moves silently;
Encrypts the file and locks the box;
No one can see the content en route;
Even if intercepted, the box cannot be opened.
SFTP is based on SSH, providing secure, encrypted file transfer.
SFTP vs FTP Differences
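| Metaphor            | FTP                                   | SFTP                                                          |
|---------------------|---------------------------------------|---------------------------------------------------------------|
| Courier             | Ordinary delivery guy                 | Security agent                                                |
| Content protection  | Plain text, anyone can see            | Fully encrypted, unreadable                                   |
| Credentials         | No protection, written on the package | Encrypted login, key required                                 |
| Port                | 21                                    | 22 (shared with SSH)                                          |
| Firewall traversal  | Poor                                  | Better                                                        |
| Java support        | Not native in JDK                     | Requires libraries such as JSch, Apache Commons VFS, SSHJ     |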
1. SFTP (SSH File Transfer Protocol) is based on SSH, uses port 22, and is the enterprise standard for secure, stable file transfer.
2. FTP transmits data and credentials in clear text, making it vulnerable to man‑in‑the‑middle attacks, and it traverses firewalls poorly.
┌──────────────┐     ┌────────────┐
│ Local client │────▶│ FTP server │
└──────────────┘     └────────────┘
      ▲ Plain text transfer, port 21 ❌ insecure

┌──────────────┐     ┌─────────────┐
│ Local client │────▶│ SFTP server │
└──────────────┘     └─────────────┘
      ▲ SSH encryption, port 22 ✅ recommended
Why Java Projects Prefer SFTP
In typical Spring Boot or middle‑platform systems that need to exchange files with third parties, SFTP is the best choice because it offers security, cross‑platform compatibility, the ability to reuse existing Linux SSH users, and multi‑language support (Java libraries such as JSch, Apache Commons VFS, SSHJ).
Java developers can use JSch to implement upload and download functionality.
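As an added example (not code from the original article), here is one way to do the daily report upload with JSch while keeping the man‑in‑the‑middle protection that motivates SFTP: the server's host key is checked against a known_hosts file and login uses a private key. The host name, user, and all file paths are hypothetical placeholders.

```java
import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.SftpException;

public class ReportUploader {
    // Hypothetical placeholders: replace with the partner's endpoint and your own paths.
    private static final String HOST = "sftp.partner.example";
    private static final int PORT = 22;
    private static final String USER = "report-upload";
    private static final String KNOWN_HOSTS = "/etc/report-uploader/known_hosts";
    private static final String PRIVATE_KEY = "/etc/report-uploader/upload_key";

    public static void upload(String localFile, String remoteDir, String name)
            throws JSchException, SftpException {
        JSch jsch = new JSch();
        // Pin the server's host key. Encryption alone does not help if the
        // client is willing to talk to an impostor server.
        jsch.setKnownHosts(KNOWN_HOSTS);
        // Key-based login: no password is stored in the application.
        jsch.addIdentity(PRIVATE_KEY);

        Session session = jsch.getSession(USER, HOST, PORT);
        // Refuse unknown or changed host keys instead of silently accepting them.
        session.setConfig("StrictHostKeyChecking", "yes");
        session.setConfig("PreferredAuthentications", "publickey");
        ChannelSftp sftp = null;
        try {
            session.connect(10_000); // connect timeout in milliseconds
            sftp = (ChannelSftp) session.openChannel("sftp");
            sftp.connect(10_000);
            // Upload under a temporary name, then rename, so the partner's
            // scheduled pull never picks up a half-written report.
            String tmp = remoteDir + "/." + name + ".part";
            sftp.put(localFile, tmp);
            sftp.rename(tmp, remoteDir + "/" + name);
        } finally {
            if (sftp != null) sftp.disconnect();
            session.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        upload("/var/reports/sales-daily.csv", "/inbound", "sales-daily.csv");
    }
}
```

Many JSch snippets set StrictHostKeyChecking to "no" to avoid the known_hosts setup; that accepts any server key and gives up the interception protection described above.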
Lin is Dream
Sharing Java developer knowledge, practical articles, and continuous insights into computer engineering.
