Using ColdFusion by itself you can not determine the size of
the file until after it's uploaded. Also there is nothing that
would prevent a person from renaming a file from .exe to .jpg and
getting around any restriction that you may have on the client with
To prevent someone from uploading a file that is greater than
a set limit you will need to use either Flash or a Java Applet.
With either or those two options they can check the file size and
or file type (by inspecting the file header) and allow or disallow
the file upload.
There are a number of free/shareware java and/or flash upload
utilities where you can set limits. The target of the upload can
still be a cfm template.