Security

The JSJ Online Roster System is very secure. The user interface is configured to only show what the user has access to, and there are several redundant back end checks in order to ensure that functions can only be accessed by users of the appropriate level. The entire site uses only trusted https protocol with secure Let’s Encrypt® SSL Certificate. Passwords are kept encrypted and cookies use a 64-bit time-based cypher so the encryption output changes constantly.

System emails may include auto-login links, which in itself can be a security risk. In order to minimize this risk, all auto-login links are generated using a unique SHA256 encryption algorithm and can only be used once. For security reasons, auto-login links are omitted from emails to Level 2 users (Leaders) and above.

In order to prevent accidental spamming, mass Reminder emails can only be sent out once. This means that if one Supervisor sends out a reminder email for certain dates then no other supervisor can send out another Reminder email for those same dates. Also, whenever a Request email is sent the system will show which Supervisor sent the most recent Request emails, who they were sent to and when they were sent. The entire detailed Request email history can be easily accessed before sending out a Request email.