Security features

Jorani is a secure system:

  • Jorani requires valid credentials and an active connection to perform any operation.
  • Nobody can intercept your password, even if you don't use a secure connection (HTTPS).
  • The password is stored hashed in the database, so nobody can read it.
  • Jorani has two user roles: admin and user. The role is checked before performing any operation.
  • The sources are publicly available, so you can check for yourself what the software does.
  • Jorani doesn't use third-party web services or obscure code: everything is clear and hosted where you choose to install it.

Let's discuss some technical features.

At controller level

Jorani checks the user's credentials to see whether the operation can be performed. Ajax endpoints are secured as well, so a user cannot copy and paste a URL from the administration page to force the validation or the deletion of a request unless they have been granted HR privileges.
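The controller-level check described above, sketched as an added example in PHP (not Jorani's own code): every action, including an Ajax endpoint, consults the role held in the server-side session before changing anything. The permission map, function names and operation names are hypothetical, and the sessions at the bottom are constructed sample data.

```php
<?php
// Added illustration, not Jorani's source code. All names are hypothetical.

// Operations each role may perform. Anything not listed is denied.
const PERMISSIONS = [
    'admin' => ['request.view', 'request.create', 'request.validate', 'request.delete'],
    'user'  => ['request.view', 'request.create'],
];

/**
 * Deny-by-default check run by every controller action, Ajax or not.
 * $session is the server-side session data, never a value sent by the browser.
 */
function is_allowed(array $session, string $operation): bool
{
    if (empty($session['logged_in']) || !isset($session['role'])) {
        return false; // no valid credentials or no active connection
    }
    $granted = PERMISSIONS[$session['role']] ?? [];
    return in_array($operation, $granted, true);
}

/** Ajax endpoint: validate a leave request. Returns [HTTP status, JSON body]. */
function ajax_validate_request(array $session, int $requestId): array
{
    if (empty($session['logged_in'])) {
        return [401, json_encode(['error' => 'authentication required'])];
    }
    if (!is_allowed($session, 'request.validate')) {
        return [403, json_encode(['error' => 'forbidden'])];
    }
    // The state change would happen here, only after both checks have passed.
    return [200, json_encode(['id' => $requestId, 'status' => 'accepted'])];
}

// Constructed sessions: the same endpoint is called by three different callers.
$callers = [
    'anonymous' => [],
    'employee'  => ['logged_in' => true, 'role' => 'user'],
    'hr admin'  => ['logged_in' => true, 'role' => 'admin'],
];
foreach ($callers as $name => $session) {
    [$status, $body] = ajax_validate_request($session, 42);
    printf("%-10s -> %d %s\n", $name, $status, $body);
}
```

Only the caller whose session carries the admin role gets the request validated; knowing the URL is not enough for the other two.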

Jorani sanitizes inputs with a security filter. Jorani is protected against XSS and SQL injection attacks.

At browser level

Jorani uses an encrypted session cookie.

At database level

Jorani uses the bcrypt algorithm to store passwords (a hash with a salt). So, even if someone steals the database, they will not be able to read the passwords.

Secured login form

Jorani can be hosted on HTTP servers without activating SSL because the password is never sent in clear. Jorani uses RSA encryption to send the encrypted password to the server.

Your data belong to you

Jorani does not send data to third-party systems, companies or organizations. Jorani does not collect statistics on your usage or your data. Data are stored in one place: the location where you installed it.
