Chapter 12. Manipulating Files and Directories
ColdFusion comes with three tags that make it possible to manipulate files and directories on both local and remote servers and an additional tag that can be used to execute command-line programs on a local ColdFusion server. These tags enable you to build sophisticated applications such as document management systems, forms capable of accepting file uploads, FTP clients, and more.
The cfdirectory and cffile tags
allow you to manipulate directories and files on your local
ColdFusion server, while the cfftp tag makes it
possible to conduct file transfers between your ColdFusion server and
remote FTP servers. The cfexecute tag lets you
execute command-line programs. cffile,
cfdirectory, and cfexecute
present a potential security hazard, as these tags have direct access
to the filesystem of the ColdFusion server. Therefore care should be
taken with their use and deployment. Depending on the configuration
of your web server and operating system, it may also be possible to
upload executable code via the cffile tag and
execute it on your server. The consequences can be potentially
devastating to a system as a user could easily upload malicious code
to the server and subsequently execute it. Therefore, both tags can
be disabled from the ColdFusion administrator, should you decide not
to make them available to developers on your server.