Controlling Availability Of Webaccess Features - Novell GROUPWISE 8 - ADMINISTRATION Administration Manual

User Interface/Use Cookies/Disable Caching: You can increase security by using session
cookies and disabling caching of WebAccess information. Session cookies and caching are
configurable on a per-user interface (template basis). For example, you could use session
cookies and disable caching for the Standard HTML interface and not use session cookies or
disable caching for the Wireless Markup Language interface.
Use Cookies: Select this option if you want the WebAccess Application to use a session
cookie to secure the user's session. The session cookie, which is created when the user
opens the session, ties the session to the browser and ensures that the WebAccess
Application accepts session requests from that browser only. The session cookie is held in
memory and exists only as long as the user is logged in.
By default, session cookies are enabled for all interfaces, with the exception of the Web
Clippings interface, which does not support session cookies.
Disable Caching: This option affects both Web browser caching and proxy server
caching. Because the WebAccess Application sends sensitive mailbox information (such
as message text and passwords) to users, caching of files by Web browsers and proxy
servers can pose an information security risk.
If you select the Disable Caching option, the WebAccess Application includes a disable
caching request in the header of each file that it sends. By default, Web browsers honor
this request and does not cache files that include the request. Proxy servers, on the other
hand, might or might not honor the request, depending on how they are configured. If the
proxy server honors the request, the file is not cached; if it does not honor the request, the
file is cached, regardless of this setting.
Single Sign-On: The WebAccess Application supports authentication to GroupWise using
Base64 authentication header credentials generated by a trusted server (for example, a Novell
®
Access Manager Authentication Server). The authentication header generated by the trusted
server must contain the username and password required to log the user into GroupWise. For
this to occur, one of the following conditions must be met:
The regular GroupWise username and password must match the credentials passed from
the trusted server.
or
The LDAP authentication credentials used by each POA (if LDAP has been enabled) must
match the credentials passed from the trusted server (Post Office object > GroupWise >
Security).
If the credentials passed from the trusted server match the credentials being used by the
GroupWise system, then the GroupWise WebAccess login page is bypassed and the user has
immediate access to the requested mailbox.
To specify a trusted server whose authentication header credentials are accepted by the
WebAccess Application, click Add to display the Add Trusted Server Information dialog box,
then provide the server's IP address or DNS hostname. For more information about the fields in
the Add Trusted Server Information dialog box, click the dialog box's Help button.

54.2.5 Controlling Availability of WebAccess Features

By default, WebAccess users can:
Spell check messages
Search LDAP directories
Configuring WebAccess Components 911