Front cover - IBM Redbooks

The logout function in iNotes Web Access sends a logout command to the server
to expire a session, if session authentication is being used. iNotes Web Access
also closes the browser window to prevent another user from hitting the back
button to view personal information from the previous screen. In addition to
secure logout, iNotes Web Access does some sophisticated things with caching
algorithms. This is to prevent the storage of information in the local browser
cache in a format that someone could easily view.
It should be noted that the secure logout function does not clear the browser’s
local cache. As Internet Explorer stores content in the browser’s cache, it is
possible to access that information programmatically. iNotes Web Access is
unable to delete those files for users; therefore, they must do it by themselves, or
configure the browser to prevent the local storage of information (Temporary
Internet files) after the session has terminated.
Deleting temporary Internet files automatically
There is an option to configure Internet Explorer to empty temporary Internet files
automatically. This can be enabled in Internet Explorer 5.01 or above by making
the following selections: Tools → Internet Options → Advanced tab and selecting
the “Empty temporary Internet file folders when browser is closed” option.
12.3.4 Differences between iNotes Web Access and Notes security
Most of the Notes Client security features are also available for the iNotes Web
Access user. However, there are some differences between Notes and iNotes
security, specifically the following:
► iNotes does not support secret keys. If a Notes user ID already contains
document keys, iNotes will decrypt the document. However, iNotes does not
support the ability to create or import secret keys. If a user periodically
receives messages that contain secret keys, the user needs to import the
secret keys into their Notes user ID in Notes, then re-import the Notes user ID
into iNotes.
► iNotes does not support new public keys.
► iNotes does not support requested name changes, nor is there the ability to
change the default of “Auto Accept” of changes to the ID. If the Administrator
has set Auto Accept of changes to ID file (name), there is no way in iNotes to
override the auto accept as there is in Notes.
► In iNotes, cross-certificates are stored in the Domino Directory only.
► It is not possible to import a SmartCard-enabled Notes ID into iNotes.
Chapter 12. Security features of other Lotus products 553