Jorani is a secured system :
Let's discuss some technical features.
Jorani check the user's credentials to see if the operation can be performed or not. Ajax endpoints are secured as well. So a user cannot copy/paste an URL coming from the administration page so as to force the validation or the deletion of a request if he is not granted with HR privileges.
Jorani sanitizes inputs with a security filter. Jorani is protected against XSS and SQL injection attacks.
Jorani uses an encrypted session cookie.
Jorani uses BCRYPT algorithm so as to store password (hash with a salt). So, even if someone stoles the database, he will not able to read the passwords.
Jorani can be hosted on HTTP servers without activating SSL because password is never sent in clear. Jorani uses RSA algo encryption in order to send the encrypted password to the server.
Jorani does not send data to third party systems, companies or organization. Jorani does not collect statistics on your usage or your data. Data are stored in one place : the location where you installed it.
It is possible to customize the behavior of Jorani by modifying the main configuration file. Read »
Jorani contains a simple user management system that allows you to create employees and attach them to an line manager and more. Read »
Jorani now offers a better end user experience by taking into account users using a slow Internet connection. Read »
You can allocate positive or negative entitled days (credits or adjustements) at contract or employees levels. This gives you a maximum flexibility for implementing your HR policy. Read »