Use the Administrator page of the Administrator to enable and disable password-restricted access to the Administrator, and to change the Administrator password. Restrict ColdFusion Administrator access to trusted users. You can also configure all users to use a single ColdFusion Administrator password or allow only users defined in the User Manager and the root administrative user to have access to the ColdFusion Administrator.

Use the RDS page to enable and disable password-restricted RDS access to server resources from Adobe Macromedia Dreamweaver MX , Adobe Macromedia HomeSite+ , ColdFusion Extensions for Eclipse, or the ColdFusion Report Builder, and to change the RDS password. You can also configure all users to use a single RDS password, or allow only users defined in the User Manager to have access through RDS.

You use the Sandbox Security page (called Resource Security in the Standard Edition) to specify security permissions for data sources, tags, functions, files, directories, IP addresses, ports, and runtime permissions.

Sandbox security uses the location of your ColdFusion pages to determine functionality. A sandbox is a designated area (CFM files or directories that contain CFM files) of your site to which you apply security restrictions. By default, a subdirectory (or child directory) inherits the sandbox settings of the directory one level above it (the parent directory). If you define sandbox settings for a subdirectory, you override the sandbox settings inherited from the parent directory.

Use sandbox security to control access to the following:

• Data sources

• Tags

• Functions

• Files and directories

• IP addresses and ports

You can also edit runtime permissions for ColdFusion pages.

Use the User Manager page to specify the user name, password, description, access rights, exposed services, sandboxes, and allowed roles for individual users. This page is especially useful for web hosting when multiple ColdFusion applications are on one server, each maintained by a different user or organization.

You can grant access to the ColdFusion Administrator, which also grants access to the Administrator API.

If the administrator revokes the role of a user while the user is logged in, the revocation takes effect only when the user logs in again.

The default user ID of an administrator is admin. To change the administrator user ID, add the following in the neo-security.xml file, replacing admin with the user ID to use:

<var name='admin.userid.root'> 
    <string>admin</string> 
</var>

Specify client IP addresses that have the permission to access exposed services.