While the Web Distributed Authoring and Versioning (WebDAV) protocol is more closely associated with collaboration activities, it’s also equipped with file transfer functionality. But how good is it as a file transfer solution? Can it, for instance, match the capabilities of the File Transfer Protocol (FTP)? Let’s find out.
Defined in RFC 4918, the WebDAV protocol is a set of extensions for the Hypertext Transfer Protocol (HTTP). Through built-in functionality like file sharing and file locking, WebDAV enables users to work collaboratively with files hosted on an HTTP server. These features allow multiple users to work remotely on the same file while ensuring other users can’t make changes if a user is currently editing the file in question.
WebDAV functionality doesn’t end there, though. It also provides file transfer and file management functionality, just like FTP.
As the full extension of the acronym suggests, FTP is built primarily for file transfer activities. FTP was the de facto standard for file transfers for several decades. It is, however, quite old. Its official specification, RFC 959, was released in 1985. WebDAV was introduced over two decades later and was built to address a broader set of business needs than just file transfer. That said, we’ll limit our comparisons in this post to the file transfer-related characteristics of these two protocols.
Let’s start with speed and performance.
To compare the speed and performance of the two protocols, we conducted a series of tests using JSCAPE by Redwood products: JSCAPE AnyClient as our file transfer client and JSCAPE MFT Server as our file transfer server. Both JSCAPE AnyClient and JSCAPE MFT Server support WebDAV and FTP, along with several other file transfer protocols.
Since speed and performance usually matter when transferring large files, we used a 1GB file as our payload. Moreover, since speed and performance also matter most in high latency networks, we deployed JSCAPE AnyClient on an Amazon EC2 instance in the North Virginia region and JSCAPE MFT Server on another EC2 instance in the Singapore region. The wide distance between the two Amazon Web Services (AWS) regions introduced a high degree of latency to our tests.
WebDAV file transfer in action
Here’s a summary of the results:
FTP average throughput: 28.70 MBps
FTP standard deviation: 5.11 Mbps
WebDAV average throughput: 31.91 MBps
WebDAV standard deviation: 9.05 MBps
Our empirical evidence shows that WebDAV is, on average, faster than FTP. That said, WebDAV’s higher standard deviation suggests that its performance is less predictable and can vary significantly from one file transfer session to the next. Although FTP showed a slower average speed, its speeds were more consistent.
Advantage: WebDAV
Like speed and performance, data security is crucial to file transfers. Data transfers that involve sensitive information such as personal data, financial data and intellectual property have to be protected from cyber threats. Without ample security, your data transfers could be compromised and your organization subjected to a business-impacting data breach.
Business-related data transfers require an extensive array of security controls. But for this post, let’s zoom in on two critical controls commonly found in WebDAV and FTP services deployed in business environments.
Authentication ensures that only legitimate users can access your file transfer system. Although security-conscious organizations require at least two-factor authentication (2FA), most 2FA and multi-factor authentication (MFA) systems involve password-based authentication. Fortunately, both WebDAV and FTP already come with built-in password-based authentication.
If you use WebDAV over plain HTTP, your file transfers can be subjected to man-in-the-middle (MITM) attacks. In this type of attack, a hacker can intercept your connection and steal information sent through that connection. To counter these types of attacks, you can run your webDAV connection over Hypertext Transfer Protocol Secure (HTTPS) instead of just plain HTTP.
HTTPS is essentially HTTP but protected by a cryptographic protocol that encrypts the HTTP connection and prevents an MITM attack from succeeding. In the past, that cryptographic protocol used to be Secure Sockets Layer (SSL). These days, however, most organizations use Transport Layer Security (TLS) for the same purpose. In fact, TLS is the cryptographic protocol used by secure websites and is a key component of secure internet infrastructure. When WebDAV is protected by either SSL or TLS, it’s called WebDAVS.
Like WebDAV-over-HTTP, plain FTP can also be subjected to MITM attacks. To prevent these attacks, many FTP implementations are protected by SSL/TLS as well. FTP implemented in this manner is called FTP Secure or FTPS.
It’s worth noting that some organizations run their WebDAV and FTP connections through a virtual private network (VPN). A VPN provides data-in-transit encryption, so it can be used as an alternative to or as a second layer of protection to SSL/TLS.
Advantage: Tie
Before we proceed, we’d like to point out that FTPS is different from SFTP, a highly popular secure data transfer protocol. While FTPS stands for FTP over SSL, SFTP stands for Secure File Transfer Protocol. Unlike FTPS, SFTP is not related to FTP. Also, whereas FTPS derives its security features from SSL/TLS, SFTP gets its security features from Secure Shell (SSH).
We have already published a blog post that covers the differences between FTP, FTPS and SFTP. So, if you want to dive deeper into that discussion, you may read that post.
Since WebDAV runs on top of HTTP/S, your firewall just needs to allow HTTP or HTTPS connections for your WebDAV solution to work. That means you just have to open the port numbers associated with HTTP or HTTPS, depending on which of the two services you’re using for your WebDAV service. Normally, that’s just port 80 for HTTP or port 443 for HTTPS.
FTP firewall configurations aren’t as straightforward though. Unlike HTTP or HTTPS, FTP doesn’t operate on a single port. Every FTP file transfer requires two connections — one for the command or control channel and another one for the data channel. These connections involve different port numbers.
Not only that, FTP also operates on either one of two modes: active or passive. We won’t go into the details, except to say that FTP firewall considerations are substantially more complicated. If you want to gain a deeper understanding of FTP and its corresponding firewall settings, read our blog post on active FTP vs passive FTP.
Advantage: WebDAV
In choosing a file transfer server, especially one that’s supposed to facilitate user-initiated file transfers, it’s important to consider the accessibility of corresponding file transfer clients. When a remote server uses a protocol supported by readily accessible file transfer clients, your IT staff won’t have difficulty onboarding users.
All major operating systems, including Microsoft Windows, macOS and Linux, have a built-in WebDAV client. If your built-in clients don’t meet your requirements, you can easily install dedicated WebDAV-capable file transfer applications like AnyClient, WinSCP and Cyberduck. You can also find several Android and iOS apps that offer WebDAV support. Thus, in regards to user accessibility, WebDAV is a good choice.
That said, FTP is no slouch in this department either. Like WebDAV, FTP is also supported by all major operating systems, which even provide command-line FTP clients. You can even find a plethora of mobile apps that allow you to access FTP servers from iOS and Android.
Connecting to an FTP server via macOS Finder
Advantage: Tie
As mentioned earlier, WebDAV runs over HTTP/S. That means in order to offer a WebDAV service, you’ll need to set up a web server first. “Web server” is just another term for HTTP/S server.
So, for instance, popular HTTP servers like Apache and Nginx readily support WebDAV. However, before you can configure WebDAV using either of these two server applications, you’ll need to have an operational Apache web server or Nginx web server first. After that, you’ll have to configure the WebDAV module or extension on the web server in question.
By comparison, FTP doesn’t have dependencies the way WebDAV does. Once you’ve deployed and set up your FTP server, you’re good to go. Due to the additional steps required for setting up WebDAV, it’s easier to deploy an FTP server than a WebDAV server.
Advantage: FTP
You don’t have to rack your brain choosing between WebDAV and FTP. Besides, in many business data transfer scenarios, you may need both. Some of your trading partners might prefer to transfer files via WebDAV, while others might prefer FTP. It would be best if you could easily interoperate with any trading partner regardless of their preferred file transfer protocol.
You can easily achieve that level of flexibility by using JSCAPE MFT by Redwood. JSCAPE MFT is a managed file transfer (MFT) solution that supports multiple file transfer protocols, including WebDAV, FTP, FTPS, SFTP HTTP, HTTPS, Applicability Statement 2 (AS2), Secure Copy Protocol (SCP), Odette File Transfer Protocol (OFTP) and others.
In addition, JSCAPE MFT is equipped with a low code/no code automation feature that enables you to build automated file transfer workflows with just a few clicks. Want to witness JSCAPE MFT firsthand? Schedule a demo with us here.