Jorani is a secured system :
Let's discuss some technical features.
Jorani check the user's credentials to see if the operation can be performed or not. Ajax endpoints are secured as well. So a user cannot copy/paste an URL coming from the administration page so as to force the validation or the deletion of a request if he is not granted with HR privileges.
Jorani sanitizes inputs with a security filter. Jorani is protected against XSS and SQL injection attacks.
Jorani uses an encrypted session cookie.
Jorani uses BCRYPT algorithm so as to store password (hash with a salt). So, even if someone stoles the database, he will not able to read the passwords.
Jorani can be hosted on HTTP servers without activating SSL because password is never sent in clear. Jorani uses RSA algo encryption in order to send the encrypted password to the server.
Jorani does not send data to third party systems, companies or organization. Jorani does not collect statistics on your usage or your data. Data are stored in one place : the location where you installed it.
When employees create a new leave request, the approval of this request can follow a predefined workflow. Read »
When employees create a new overtime (extra hours of work) request, the approval of this request follows a predefined workflow. Read »
This article explains how to configure Jorani so as to calculate the duration of leaves by taking into account non-working days. Read »
The global calendar page allows you to display the leaves of all the organization or to filter by department Read »