Hello,
I am using C# 2008 SP1
I developed a program that will be run on several user computers, ranging from a few hundred to a few thousand.
What is the best way to download the files to update the user program HTTP or FTP? Also, are the security issues related to each protocol?
Many thanks
The easiest way to handle this is probably via a ClickOnce deployment. But that isn't an option for everyone.
Either protocol should work most all the time, HTTP might be a bit more likely to be working (i.e. if the only way to connect to the internet on that system is through an HTTP proxy).
As for security, neither protocol ensures that the server is actually the right server... so really, there's not really any. HTTPS would solve that problem, but might not be possible.
If security (not privacy) is a concern, I'd recommend signing the package and verifying the signature with a public key embedded inside your application after downloading, that way you won't need to verify that the protocol is secure.
An FTP stream seems to be more problematic to secure due to its nature. It seems to be more trivial to implement HTTPS to secure the stream itself.
But in general, unless the bits themselves are sensitive, you might be barking up the wrong tree. Protocol is usually not as important as authentication/authorization and other application-level concerns when talking about application updating.