ColdFusion comes with three tags that make it possible to manipulate files and directories on both local and remote servers. These tags enable you to build sophisticated applications such as document management systems, forms capable of accepting file uploads, FTP clients, and more.
allow you to manipulate directories and files on your local
ColdFusion server, while the
CFFTP tag makes it
possible to conduct file transfers between your ColdFusion server and
remote FTP servers. Both the
CFDIRECTORY tag present potential security
hazards, as these tags have direct access to the filesystem of the
ColdFusion server. Therefore care should be taken with their use and
deployment. Depending on the configuration of your web server and
operating system, it may also be possible to upload executable code
CFFILE tag and execute it on your server.
The consequences can be potentially devastating to a system as a user
could easily upload malicious code to the server and subsequently
execute it. Therefore, both tags can be disabled from the ColdFusion
administrator, should you decide not to make them available to
developers on your server.
CFDIRECTORY tag lists
directory contents as well as creates, renames, and deletes
directories on your ColdFusion application server. In an application
such as a document management system, the
CFDIRECTORY tag allows you to do such tasks ...