Jorani is a secured system:
Let's discuss some technical features.
Jorani checks the user's credentials to determine whether an operation can be performed. Ajax endpoints are secured as well, so a user cannot copy and paste a URL from the administration page to force the validation or the deletion of a request if he has not been granted HR privileges.
Jorani sanitizes inputs with a security filter. Jorani is protected against XSS and SQL injection attacks.
Jorani uses an encrypted session cookie.
Jorani uses the BCRYPT algorithm to store passwords (hash with a salt). So, even if someone steals the database, he will not be able to read the passwords.
Jorani can be hosted on HTTP servers without activating SSL because the password is never sent in clear. Jorani uses RSA encryption to send the encrypted password to the server.
Jorani does not send data to third-party systems, companies or organizations. Jorani does not collect statistics on your usage or your data. Data is stored in one place: the location where you installed it.
We ran a benchmark of the different PHP versions (5.3 up to PHPng and HHVM) so as to recommend a runtime. Read »
A manager may temporarily or permanently entrust the validation of leave requests to another employee; this is delegation. Read »
Jorani is compatible with HHVM and nginx. This tutorial explains how to achieve a high performance installation. Read »
It is possible to customize the behavior of Jorani by modifying the main configuration file. Read »