Thread: Web Client Login Security

  1. #1
    Join Date
    Feb 2010
    Location
    France
    Posts
    45
    Rep Power
    5

    Web Client Login Security

    This relates to the fact that my company has a lot of remote workers. Security concerns have been raised around someone just going into a business centre at a hotel and then leaving themselves logged into Zimbra with the web client in the history. These types of users are unlikely to respond to training in this area and as long as the window is open for people to be able to do this, it's going to be a problem.

    I have it set so that if someone tries to browse away or close the browser they will receive the warning so they can logout.

    What I'm wondering is, does anyone else have another way to deal with this problem? I would put the server on the VPN so that you have to access it that way, but that's going to create problems with those picking up mail with cellphones. The same applies to just allowing access for IP ranges or MAC addresses.

    Any thoughts welcomed. The only one I have so far is Mojopac.

  2. #2
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Why not set the zimbraMailIdleSessionTimeout for your users?

  3. #3
    Join Date
    Feb 2010
    Location
    France
    Posts
    45
    Rep Power
    5

    I thought about this also, the default is 2 days I believe?

    The only issue I could think of here would be that it would be pretty annoying if you use the Web Client as your main interface and it's constantly expiring your session.

    There is perhaps a happy medium in there though, thanks a lot for your input.

  4. #4
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Well you have got me thinking about this ... perhaps another approach would be to check the active sessions and if you know somebody should not be logged in at a certain time you could flag it. You can get a list of them using
    Code:
    su - zimbra
    zmsoap -z -t admin GetSessionsRequest @type=soap

  5. #5
    Join Date
    Feb 2010
    Location
    France
    Posts
    45
    Rep Power
    5

    That sounds like a lot of overhead to have to keep checking on that though. With a lot of people in a lot of different countries it's going to be a nightmare to know when people are supposed to be logged on or not.

    Doesn't that command only apply to admin users? I'm talking about the standard users here, the admins are no problem.

  6. #6
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    The 'admin' means you are making a call to the Admin SOAP interface to get the details. I was just thinking whether there was a way to capture sessions that have been logged in for a long time and disconnect them automatically.
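
One way to do the flagging discussed in posts #4 and #6, as an added example that is not part of the original thread: it parses saved output of the GetSessionsRequest call and reports sessions that are too old or too idle. The attribute names (zid, name, sid, cd, ld), the epoch-millisecond timestamps, the sample data and both thresholds are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed sample of GetSessionsRequest output. Assumed layout: one <s>
# element per session, cd = created and ld = last accessed, in epoch ms.
SAMPLE = """<GetSessionsResponse xmlns="urn:zimbraAdmin" more="0" total="4">
  <s zid="id-1" name="alice@example.com" sid="101" cd="1699999200000" ld="1700171700000"/>
  <s zid="id-2" name="bob@example.com" sid="102" cd="1700168400000" ld="1700171880000"/>
  <s zid="id-3" name="carol@example.com" sid="103" cd="1700161200000" ld="1700164800000"/>
  <s zid="id-4" name="dave@example.com" sid="104" cd="" ld="1700171880000"/>
</GetSessionsResponse>"""
NOW = datetime.fromtimestamp(1700172000, tz=timezone.utc)  # fixed clock for the sample


def _ts(ms):
    """Convert an epoch-milliseconds string to an aware UTC datetime."""
    return datetime.fromtimestamp(int(ms) / 1000, tz=timezone.utc)


def flag_sessions(xml_text, now,
                  max_age=timedelta(hours=12),      # hypothetical policy value
                  max_idle=timedelta(minutes=30)):  # hypothetical policy value
    """Return (account, session id, reasons) for sessions worth reviewing."""
    flagged = []
    for el in ET.fromstring(xml_text).iter():
        # Compare the local tag name so the urn:zimbraAdmin namespace is ignored.
        if el.tag.rsplit("}", 1)[-1] != "s":
            continue
        account, sid = el.get("name", "?"), el.get("sid", "?")
        try:
            created, last = _ts(el.attrib["cd"]), _ts(el.attrib["ld"])
        except (KeyError, ValueError):
            # Missing or malformed timestamps are reported, not silently skipped.
            flagged.append((account, sid, ["unparseable"]))
            continue
        reasons = []
        if now - created > max_age:
            reasons.append("age")
        if now - last > max_idle:
            reasons.append("idle")
        if reasons:
            flagged.append((account, sid, reasons))
    return flagged


if __name__ == "__main__":
    for row in flag_sessions(SAMPLE, NOW):
        print(*row)
```
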

  7. #7
    Join Date
    Feb 2010
    Location
    France
    Posts
    45
    Rep Power
    5

    Ah alright. Thanks
