Help
Login Page(s) | Message Screen | Read/Compose/Reply/Forward | Deleting Messages | The Address Book | Logout | F.A.Q. | Home

     So not much really needs to be said about Closing and Logging out except: Make sure you ALWAYS click the LOGOUT button when you are done with your current session. Sorry about shouting, but I hope I got your attention. I'm going to step onto a small soapbox and give you a little sermon about security. If you already understand about cookies and persistent (URL) server variables and how web browsers work, just re-read the bolded text above and that's all the more I can tell you.

     This client uses a combination of Perl, JavaScript, HTML, cookies, and persistent (URL) server variables to do all it's behind-the-scenes work. There is also a MySQL database server that helps us with the Address Book and User Options. The system itself runs on a total of 4 Linux-based servers: 3 identical "clustered" machines and one slightly more powerful "redirector" machine (this is the one that monitors load and determines which machine will work best for your particular session). We have done our absolute best and then some to make it as secure as possible, but there are some things which you - the user - must do for yourself to ensure the best possible security.

1.     Never, ever leave yourself logged in and walk away from your machine. Logout first, lock the machine, do something. Someone with malicious intent only needs a few moments to wipe out or otherwise compromise your mailbox.

2.     In the later versions of Internet Explorer and Netscape Navigator there is a feature to "remember" information typed into web site form fields. Do NOT use this feature - especially if it can remember password fields as well. All someone has to do is type the first letter or two in the field and the browser will fill in everything else for them. Yes, it sounds so convenient at the time - but it perhaps the biggest intentional security hole created in a browser to date. Check your individual browser on how to disable this feature as soon as possible.

3.     Always, always click the "Log Off" button when you are done. Some of you may have noticed the large jumbled string in your address/URL bar - this is an encrypted string that contains your username, password, mailserver, user options and a date-time stamp. Each time you log into this client, we create a cookie with the date-time stamp. This cookie is compared to the one in the string and if they match, the system draws the page. If they do not match or the date-time cookie doesn't exist, the system forces you to log in again. A new cookie is written and the encrypted string is modified. There were a few reasons beyond the obvious for doing this: if you receive an email with linked images, the server that contains those linked images will log where the request is received. This log will contain the entire string in the address/URL bar. If we didn't do the date-time cookie compare, a less-than-scrupulous person could use that log entry to open your mailbox whenever they want to do so. When you click the "Log Off" button, the system deletes this date-time cookie until the next time you successfully log in again.

Okay, I'm done preaching now, so in closing: Make sure you ALWAYS click the LOGOUT button when you are done with your current session. :)