Stop ColdFusion 8.
Last updated on
Apr 27, 2021
Issue
ColdFusion 8 uses a root administrator username and password to secure the Administrator interface. Administrators configure the initial root password during ColdFusion 8 installation. This password is changeable via the Root Administrator Password sectionbychoosingSecurity > Administrator in the ColdFusion 8 Administrator, or via the Admin API. ColdFusion 8 allows user-based access to the Administrator interface. Some administrators may want to change the root administrator username for greater security. However, there is no browser-based or programmatical way to change the root administrator username.
Reason
The root administrator username is stored in the neo-security.xml file. It is an alphanumeric string value to the admin.userid.root setting.
Solution
The root administrator username can be changed by editing the admin.userid.root value in neo-security.xml. This is only effective if separate username and password access to the ColdFusion 8 Administrator is enabled. Follow these steps to change the default root administrator username:
-
-
Back up the neo-security.xml file.
- Server configuration: cf_root\lib\neo-security.xml
- Multiserver or J2EE configuration: cf_web_root\cfusion\lib\neo-security.xml
-
Open neo-security.xml and find the admin.userid.root entry.
-
Replace the default string value admin with the desired username.
-
Save the file.
-
Start ColdFusion 8.
After changing the root administrator username, the ColdFusion 8 Administrator login screen will still display the default value admin in the User name field. If single password authentication is enabled, pressing the Login button will simply submit the root administrator password. If separate username and password authentication is enabled for the ColdFusion 8 Administrator, the new username will be able to log in successfully (using the root administrator password), and the default admin username will fail.
