display | more...

TFTP is the Trivial File Transfer Protocol. It's similar to FTP in purpose, except rock stupid. It is used, appropriately enough, to copy files from one node on a network to another. It performs no authentication, and runs over UDP on port 69. It is frequently used by network devices to download their operating system.

Since tftp performs no authentication, the tftpd server will only allow the client to access publicly readable files. tftpd is almost always invoked with a directory on the command line, in which case the client is restricted to files in that directory. When the client requests an absolute filename (one beginning with /) the tftpd may either take it as it is, and refuse the request if the file is outside the tftp directory, or prefix it with the name of the tftp directory. Which it does depends on the version of tftpd and the command-line options used - for example, on Linux systems the "-s" option will cause the second behaviour to be chosen.

Hewlett-Packard X terminals typically use tftp to download their software. They can also use NFS, but this is more difficult to make secure at the server end.

Log in or register to write something here or to contact authors.