Security features

Jorani is a secured system :

  • Jorani requires valid credentials and an active connection to perform any operation.
  • Nobody can intercept your password even if you don't use a secured connection (HTTPS).
  • Password is ciphered into the database, so nobody can read it.
  • Jorani has two user roles : admin and user. the role is checked before performing any operation.
  • The sources are publicly available so you can check by yourself what is done by the software.
  • Jorani doesn't use third party web services or obscure code : all is clear and hosted where you choose to install it.

Let's discuss some technical features.

At controller level

Jorani check the user's credentials to see if the operation can be performed or not. Ajax endpoints are secured as well. So a user cannot copy/paste an URL coming from the administration page so as to force the validation or the deletion of a request if he is not granted with HR privileges.

Jorani sanitizes inputs with a security filter. Jorani is protected against XSS and SQL injection attacks.

At browser level

Jorani uses an encrypted session cookie.

At database level

Jorani uses BCRYPT algorithm so as to store password (hash with a salt). So, even if someone stoles the database, he will not able to read the passwords.

Secured login form

Jorani can be hosted on HTTP servers without activating SSL because password is never sent in clear. Jorani uses RSA algo encryption in order to send the encrypted password to the server.

Your data belong to you

Jorani does not send data to third party systems, companies or organization. Jorani does not collect statistics on your usage or your data. Data are stored in one place : the location where you installed it.

Tags :    feature 

You may also like

Workflow of leave request

When employees create a new leave request, the approval of this request can follow a predefined workflow.   Read »

Workflow of overtime request

When employees create a new overtime (extra hours of work) request, the approval of this request follows a predefined workflow.   Read »

How is leave duration calculated?

This article explains how to configure Jorani so as to calculate the duration of leaves by taking into account non-working days.   Read »

How to use the global calendar page?

The global calendar page allows you to display the leaves of all the organization or to filter by department   Read »

How to allocate the entitled days?

You can allocate positive or negative entitled days (credits or adjustements) at contract or employees levels. This gives you a maximum flexibility for implementing your HR policy.   Read »

comments powered by Disqus