Chapter 12. Manipulating Files and Directories

ColdFusion comes with three tags that make it possible to manipulate files and directories on both local and remote servers. These tags enable you to build sophisticated applications such as document management systems, forms capable of accepting file uploads, FTP clients, and more.

The CFDIRECTORY and CFFILE tags allow you to manipulate directories and files on your local ColdFusion server, while the CFFTP tag makes it possible to conduct file transfers between your ColdFusion server and remote FTP servers. Both the CFFILE and CFDIRECTORY tag present potential security hazards, as these tags have direct access to the filesystem of the ColdFusion server. Therefore care should be taken with their use and deployment. Depending on the configuration of your web server and operating system, it may also be possible to upload executable code via the CFFILE tag and execute it on your server. The consequences can be potentially devastating to a system as a user could easily upload malicious code to the server and subsequently execute it. Therefore, both tags can be disabled from the ColdFusion administrator, should you decide not to make them available to developers on your server.

Working with Directories

The CFDIRECTORY tag lists directory contents as well as creates, renames, and deletes directories on your ColdFusion application server. In an application such as a document management system, the CFDIRECTORY tag allows you to do such tasks ...

Get Programming ColdFusion now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.