Hmm, perhaps my intentions behind "whys and wherefores" were not clear; my point was merely that, depending on which reasons were operative in the present case, an HTTP-based approach might be appropriate. Let me address your points one by one, comparing an HTTP-based solution to (direct) FTP

1. passwords aren't required for HTTP access; if they are, channel can be encrypted with SSL
2. HTTP standardly uses three ports: port 80, port 80, and port 80. HTTPS uses port 443. Firewall administrators know these ports very well.
3. Apache (e.g.) is pretty secure, even more so if you turn of unnecessary modules.

As far as the poster has so far told us, this system involves read-only access (see the original node title), so the upload issue is, AFAIK, moot (tho' I agree it would be a point against if r/w access is desired). The clients request the files from server A, which is supposed to be able to list and read the files on server B; my suggestion is that HTTP is a possible (given what we've been told so far) channel for A to talk to B.

My point in advocating HTTP as a possible approach is that it's pretty simple. It may be inappropriate, depending on the specifics of the system CodeJunkie is working with.

If not P, what? Q maybe?
"Sidney Morgenbesser"