Hmm, perhaps my intentions behind "whys and wherefores" were not clear; my point was merely that, depending on which reasons were operative in the present case, an HTTP-based approach might be appropriate. Let me address your points one by one, comparing an HTTP-based solution to (direct) FTP
- passwords aren't required for HTTP access; if they are, channel can be encrypted with SSL
- HTTP standardly uses three ports: port 80, port 80, and port 80. HTTPS uses port 443. Firewall administrators know these ports very well.
- Apache (e.g.) is pretty secure, even more so if you turn of unnecessary modules.
As far as the poster has so far told us, this system involves read-only access (see the original node title), so the upload issue is, AFAIK, moot (tho' I agree it would be a point against if r/w access is desired). The clients request the files from server A, which is supposed to be able to list and read the files on server B; my suggestion is that HTTP is a possible (given what we've been told so far) channel for A to talk to B.
My point in advocating HTTP as a possible approach is that it's pretty simple. It may be inappropriate, depending on the specifics of the system CodeJunkie is working with.
If not P, what? Q maybe?