Security features

Jorani is a secured system :

  • Jorani requires valid credentials and an active connection to perform any operation.
  • Nobody can intercept your password even if you don't use a secured connection (HTTPS).
  • Password is ciphered into the database, so nobody can read it.
  • Jorani has two user roles : admin and user. the role is checked before performing any operation.
  • The sources are publicly available so you can check by yourself what is done by the software.
  • Jorani doesn't use third party web services or obscure code : all is clear and hosted where you choose to install it.

Let's discuss some technical features.

At controller level

Jorani check the user's credentials to see if the operation can be performed or not. Ajax endpoints are secured as well. So a user cannot copy/paste an URL coming from the administration page so as to force the validation or the deletion of a request if he is not granted with HR privileges.

Jorani sanitizes inputs with a security filter. Jorani is protected against XSS and SQL injection attacks.

At browser level

Jorani uses an encrypted session cookie.

At database level

Jorani uses BCRYPT algorithm so as to store password (hash with a salt). So, even if someone stoles the database, he will not able to read the passwords.

Secured login form

Jorani can be hosted on HTTP servers without activating SSL because password is never sent in clear. Jorani uses RSA algo encryption in order to send the encrypted password to the server.

Your data belong to you

Jorani does not send data to third party systems, companies or organization. Jorani does not collect statistics on your usage or your data. Data are stored in one place : the location where you installed it.

Tags :    feature 

You may also like

Description of the configuration file

It is possible to customize the behavior of Jorani by modifying the main configuration file.   Read »

Page create a new user

Jorani contains a simple user management system that allows you to create employees and attach them to an line manager and more.   Read »

v0.1.4 is released

Jorani now offers a better end user experience by taking into account users using a slow Internet connection.   Read »

How to allocate the entitled days?

You can allocate positive or negative entitled days (credits or adjustements) at contract or employees levels. This gives you a maximum flexibility for implementing your HR policy.   Read »

How to modify and create users?

HR officer and manager can manage the list of users of the Jorani application.   Read »

comments powered by Disqus