Security issues

Since a TFTP client is not asked to enter any username/password to download or upload a file from a TFTP server, for obvious security reasons I recommend to shut down the TFTP server when you don't need it.

The TftpServer application requires an admin user's password on its first run: such a password is used to setuid root some helper tools, bundled into the TftpServer app, that are used when it's necessary to start/restart the xinetd system daemon (on 10.2-10.3 systems xinetd is the super-daemon that manages the majority of the network-related daemons, including tftpd) or to run the launchctl command-line tool (on 10.4 systems xinetd has been superseeded by launchd, a new and more flexible superdaemon introduced by Apple); such tools are also used to make the requested changes to the tftpd daemon's configuration file, that is owned by the root user. Once the password is entered and the external tools are owned by root with their "set-user-ID-on-execution" bit on, they may run the necessary actions as root with no further request of an admin password; for this reason, all admin users on the Mac will be able to start/stop/reconfigure the TFTP service, and this may not be appropriate on all systems.

The use of tftp does not require an account or password on the remote system. Due to the lack of authentication information, tftpd will allow only publicly readable files to be accessed. Files may be written to only if they already exist and are publicly writable. Note that this extends the concept of "public" to include all users on all hosts that can be reached through the network; this may not be appropriate on all systems, and its implications should be considered before enabling tftp service.

Also note that fixing the permissions for all the TFTP working path's parent folders will set them to Read/Write/eXecute for the owner user and Read/eXecute for group and others: if you have sensitive data (that you don't want other users on your Mac to be able to read) in one of these folders I suggest you to move the TFTP folder to a safest location (e.g. /var/tftp). For example, if you would use as TFTP working path a folder named Tftp_files and located under your Documents folder, all your documents will become readable by all users on the Mac where you enable the TFTP server (by default all folders in you Home are instead set to Read/Write/eXecute for the owner and no permissions for group and others).