
Jani Giannoudis edited this page Feb 12, 2025 · 18 revisions

Payroll Engine Security

The Payroll Engine is a backend service and must not be exposed to the public Internet. Run it in a protected network zone that only the console and web applications can reach.

Backend server security

API key

An API access key can be configured on the backend server. Once set, only clients that present the key can use the API: every endpoint request must carry the key in the Api-Key HTTP header, and requests without a valid key are rejected.

When the API key is active, the Swagger UI also requires the key to be entered (via its authorize dialog) before requests can be sent.

For the backend, web, and console applications, the access key can be stored in a configuration file or in a system environment variable. Treat it as a secret: keep it out of version control and do not reuse the same key across environments.
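The following ASP.NET Core middleware is an added illustration of such a check; it is not the Payroll Engine's own code. The setting name `PayrollEngine:ApiKey` is an assumption (.NET reads it from appsettings.json or from the environment variable `PayrollEngine__ApiKey`), and the `/api/ping` endpoint is a stand-in for the real API.

```csharp
// Added illustration, not Payroll Engine code: an ASP.NET Core middleware that
// rejects every request lacking a valid Api-Key header. The setting name
// "PayrollEngine:ApiKey" is an assumption; .NET reads it from appsettings.json
// or from the environment variable PayrollEngine__ApiKey.
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Registered before any endpoint, so the API (and a Swagger UI, if mapped)
// is only reachable with the key.
app.UseMiddleware<ApiKeyMiddleware>();
app.MapGet("/api/ping", () => "pong");   // stand-in endpoint
app.Run();

public sealed class ApiKeyMiddleware
{
    public const string HeaderName = "Api-Key";

    private readonly RequestDelegate _next;
    private readonly byte[] _expectedKey;

    public ApiKeyMiddleware(RequestDelegate next, IConfiguration configuration)
    {
        _next = next;
        // An unset or empty key means the check is disabled (open API).
        _expectedKey = Encoding.UTF8.GetBytes(configuration["PayrollEngine:ApiKey"] ?? "");
    }

    public async Task InvokeAsync(HttpContext context)
    {
        if (_expectedKey.Length > 0 && !HasValidKey(context.Request))
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            await context.Response.WriteAsync($"Missing or invalid {HeaderName} header");
            return;   // the endpoint is never reached
        }
        await _next(context);
    }

    private bool HasValidKey(HttpRequest request)
    {
        if (!request.Headers.TryGetValue(HeaderName, out var values))
        {
            return false;
        }
        var presented = Encoding.UTF8.GetBytes(values.ToString());
        // Fixed-time comparison: a plain string == stops at the first mismatching
        // byte and leaks how much of the key an attacker already got right.
        // FixedTimeEquals returns false for inputs of different length.
        return CryptographicOperations.FixedTimeEquals(presented, _expectedKey);
    }
}
```

A client attaches the key with `HttpClient.DefaultRequestHeaders.Add("Api-Key", key)`. Because the key is a shared secret sent on every request, it only protects the API when the connection itself is TLS; on plain HTTP anyone on the path can read and replay it.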

Tenant authorization

To support multiple tenants, the backend server understands the HTTP header Auth-Tenant. The header is optional; when it is present, its value is compared with the tenant identifier in the request URL on every REST request, and the two must match.

Auth-Tenant: "MyTenantIdentifier"

For example, the web application sets the Auth-Tenant for all subsequent backend requests when the tenant is changed.
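As an added example of how the server side of this check can look (not the Payroll Engine's own implementation), the middleware below compares the header with the tenant segment of the route. It assumes tenant-scoped routes carry the identifier as the route value `tenantId` (for example `/api/tenants/{tenantId}/...`), that tenant identifiers are compared case-sensitively, and that a quoted header value, as in the example above, should be accepted as well.

```csharp
// Added illustration, not Payroll Engine code: a middleware that enforces the
// optional Auth-Tenant header. It assumes tenant-scoped routes carry the tenant
// identifier as the route value "tenantId" (e.g. /api/tenants/{tenantId}/...).
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

app.UseRouting();                          // resolve route values first ...
app.UseMiddleware<AuthTenantMiddleware>(); // ... then compare them with the header
app.MapGet("/api/tenants/{tenantId}/employees",
    (string tenantId) => $"employees of {tenantId}");   // stand-in endpoint
app.Run();

public sealed class AuthTenantMiddleware
{
    public const string HeaderName = "Auth-Tenant";
    private readonly RequestDelegate _next;

    public AuthTenantMiddleware(RequestDelegate next) => _next = next;

    public async Task InvokeAsync(HttpContext context)
    {
        // Header absent: nothing to enforce, the header is optional.
        if (context.Request.Headers.TryGetValue(HeaderName, out var header))
        {
            // The wiki shows the value in quotes; accept it with or without them.
            var headerTenant = header.ToString().Trim().Trim('"');
            var routeTenant = context.GetRouteValue("tenantId")?.ToString();

            // Only tenant-scoped URLs can be checked. A mismatch means the client
            // is asking for one tenant's data while claiming to act in another,
            // so the request is refused.
            if (routeTenant is not null &&
                !string.Equals(headerTenant, routeTenant, StringComparison.Ordinal))
            {
                context.Response.StatusCode = StatusCodes.Status403Forbidden;
                await context.Response.WriteAsync(
                    $"{HeaderName} '{headerTenant}' does not match request tenant '{routeTenant}'");
                return;
            }
        }
        await _next(context);
    }
}
```

With this in place, a client that switched tenants in its UI but still sends the previous tenant's URLs (or the reverse) is caught by the server rather than silently reading the wrong tenant's data.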

GET request body

The REST API uses HTTP POST for every endpoint whose request carries potentially sensitive data, so that such data travels in the request body rather than in the URL. This prevents it from inadvertently ending up in web server logs, proxy logs, browser history, or similar places, where GET query strings are routinely recorded.

Database SQL injection

At the database level, the micro-ORM Dapper is used with parameterized queries: user-supplied values are passed to the database as command parameters rather than spliced into the SQL text, which prevents SQL injection.
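The following added example (not Payroll Engine code) shows the difference: the same lookup written with string concatenation, which an attacker can break out of, and with a Dapper parameter. It runs against an in-memory SQLite database and needs the Dapper and Microsoft.Data.Sqlite NuGet packages; the Employee table and the attacker input are constructed for the example.

```csharp
// Added illustration, not Payroll Engine code: the same employee lookup done
// with string concatenation (injectable) and with a Dapper parameter (safe).
// Runs against an in-memory SQLite database; needs the Dapper and
// Microsoft.Data.Sqlite NuGet packages. Table and column names are made up.
using System;
using System.Linq;
using Dapper;
using Microsoft.Data.Sqlite;

using var connection = new SqliteConnection("Data Source=:memory:");
connection.Open();
connection.Execute(
    "CREATE TABLE Employee (Id INTEGER PRIMARY KEY, Identifier TEXT NOT NULL, Salary REAL NOT NULL)");
connection.Execute(
    "INSERT INTO Employee (Identifier, Salary) VALUES ('alice', 5000), ('bob', 6000)");

// Constructed attacker input, e.g. taken from a request parameter
var untrusted = "alice' OR '1'='1";

// INJECTABLE: the input is spliced into the SQL text, so the quote closes the
// string literal and the trailing OR matches every employee.
var leaked = connection.Query<Employee>(
    "SELECT Identifier, Salary FROM Employee WHERE Identifier = '" + untrusted + "'").ToList();
Console.WriteLine($"Concatenated query returned {leaked.Count} employee(s)");

// SAFE: @identifier is a command parameter. Dapper hands the value to the
// driver separately from the statement, so it cannot change the query's
// structure; the payload is just an identifier that matches nobody.
var safe = connection.Query<Employee>(
    "SELECT Identifier, Salary FROM Employee WHERE Identifier = @identifier",
    new { identifier = untrusted }).ToList();
Console.WriteLine($"Parameterized query returned {safe.Count} employee(s)");

public sealed class Employee
{
    public string Identifier { get; set; } = "";
    public double Salary { get; set; }
}
```

Parameters cover values only. If a caller can influence a table name, column name, or ORDER BY field, Dapper cannot parameterize that identifier; such input has to be validated against an allow-list before it is placed in the SQL text.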

Client security

HTTPS on localhost

To use the Payroll Engine from a protected network zone, the payroll console and the web application communicate with the backend server over HTTPS. During setup, a developer certificate is installed for localhost. Such a certificate is meant for local development only; a deployment reached under any other host name needs a certificate issued by a CA that the clients trust.

Web application server security

User Login

New users are created by an administrator or supervisor without a password. On first login the user must set a password, which can be changed later in the user settings. This gives the following login sequence:

  1. Input of the user identifier
  2. Selection of the tenant - if the user identifier exists in several tenants
  3. Input new password with confirmation - in case of first login
  4. Input password
  5. Web application start

If a user is assigned to several tenants, a separate password applies to each tenant.
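The sequence above, carried through in code as an added illustration (not the Payroll Engine's implementation): the same identifier may exist in several tenants, each tenant stores its own password hash, and an account without a hash is on its first login and must set one. The sample accounts, the PBKDF2 parameters and the minimum-length rule are assumptions made for the example.

```csharp
// Added illustration, not Payroll Engine code, of the login sequence above.
// The same identifier may exist in several tenants, and each tenant stores its
// own password hash; an account without a hash is on its first login and must
// set one. PBKDF2 parameters and the length rule are assumptions.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Constructed sample data: "peter" exists in two tenants, no passwords yet.
var accounts = new List<UserAccount>
{
    new() { Tenant = "TenantA", Identifier = "peter" },
    new() { Tenant = "TenantB", Identifier = "peter" },
};

// Steps 1 and 2: identifier entered, tenant not yet chosen -> ask for the tenant
Console.WriteLine(LoginFlow.NextStep(accounts, "peter", tenant: null));
// Step 3: tenant chosen, no hash stored -> first login, the password must be set
var peterA = accounts.Single(a => a.Tenant == "TenantA" && a.Identifier == "peter");
Console.WriteLine(LoginFlow.NextStep(accounts, "peter", "TenantA"));
LoginFlow.SetPassword(peterA, "correct horse battery", "correct horse battery");
// Step 4: from now on the password is required and verified for TenantA ...
Console.WriteLine(LoginFlow.Verify(peterA, "correct horse battery"));
// ... while the same user in TenantB still has no password and is still on first login
Console.WriteLine(LoginFlow.NextStep(accounts, "peter", "TenantB"));

public enum LoginStep { SelectTenant, SetPassword, EnterPassword }

public sealed class UserAccount
{
    public string Tenant { get; init; } = "";
    public string Identifier { get; init; } = "";
    public byte[]? Salt { get; set; }
    public byte[]? Hash { get; set; }   // null: no password set yet
}

public static class LoginFlow
{
    private const int Iterations = 210_000;  // PBKDF2-SHA256 work factor (assumed)
    private const int HashLength = 32;

    public static LoginStep NextStep(IEnumerable<UserAccount> accounts, string identifier, string? tenant)
    {
        var matches = accounts.Where(a => a.Identifier == identifier).ToList();
        if (matches.Count == 0)
            throw new UnauthorizedAccessException("Unknown user identifier");
        if (tenant is null && matches.Count > 1)
            return LoginStep.SelectTenant;          // identifier exists in several tenants
        var account = tenant is null ? matches[0] : matches.Single(a => a.Tenant == tenant);
        return account.Hash is null ? LoginStep.SetPassword : LoginStep.EnterPassword;
    }

    public static void SetPassword(UserAccount account, string password, string confirmation)
    {
        if (account.Hash is not null)
            throw new InvalidOperationException("Password already set; change it in the user settings");
        if (password != confirmation)
            throw new ArgumentException("Password and confirmation differ");
        if (password.Length < 12)
            throw new ArgumentException("Password too short");   // assumed policy
        account.Salt = RandomNumberGenerator.GetBytes(16);
        account.Hash = Rfc2898DeriveBytes.Pbkdf2(
            password, account.Salt, Iterations, HashAlgorithmName.SHA256, HashLength);
    }

    public static bool Verify(UserAccount account, string password)
    {
        if (account.Hash is null || account.Salt is null)
            return false;   // first login still pending; there is no password to check
        var candidate = Rfc2898DeriveBytes.Pbkdf2(
            password, account.Salt, Iterations, HashAlgorithmName.SHA256, HashLength);
        return CryptographicOperations.FixedTimeEquals(candidate, account.Hash);
    }
}
```

The per-tenant hash is what makes the last sentence above hold: setting the password in TenantA leaves the TenantB account untouched, so the user goes through the first-login step again there.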

User authorization

The web application distinguishes between the following user types:

  • User - user of the web application with the features assigned to them
  • Employee - user of the web application who is also a wage earner (employee self-service)
  • Administrator - can only manage users
  • Supervisor - can use all features without restriction

In the web application, the user type is indicated by the icon of the User Settings command.

Role-based access control

The functionality of the web application is controlled by Features (Feature Toggles) that are assigned to the user. Features are managed by

  • users of type Administrator
  • users of type Supervisor
  • users with the feature Users

The EmployeeCases feature allows access to employee cases by displaying an additional page in the navigation. Some features, such as Forecast, extend the content of existing pages.
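The user types and feature rules above, as an added example in code (not the Payroll Engine's own authorization logic). The feature names EmployeeCases, Forecast and Users come from this page; treating the Administrator's right to manage users as equivalent to the Users feature, and the sample users, are assumptions.

```csharp
// Added illustration, not Payroll Engine code, of the user types and feature
// rules above. Feature names come from the wiki; mapping the Administrator's
// "manage users" right to the Users feature is an assumption.
using System;
using System.Collections.Generic;

// Constructed sample users
var supervisor = new WebUser { Identifier = "sup", Type = UserType.Supervisor };
var admin = new WebUser { Identifier = "adm", Type = UserType.Administrator };
var clerk = new WebUser { Identifier = "clerk", Type = UserType.User,
                          Features = { FeatureAuthorization.EmployeeCases } };
var hr = new WebUser { Identifier = "hr", Type = UserType.User,
                       Features = { FeatureAuthorization.Users } };

foreach (var user in new[] { supervisor, admin, clerk, hr })
{
    Console.WriteLine(
        $"{user.Identifier,-6} " +
        $"EmployeeCases page: {FeatureAuthorization.HasFeature(user, FeatureAuthorization.EmployeeCases)}, " +
        $"Forecast content: {FeatureAuthorization.HasFeature(user, FeatureAuthorization.Forecast)}, " +
        $"may assign features: {FeatureAuthorization.CanManageFeatures(user)}");
}

public enum UserType { User, Employee, Administrator, Supervisor }

public sealed class WebUser
{
    public string Identifier { get; init; } = "";
    public UserType Type { get; init; }
    // Feature toggles assigned to this user (relevant for User and Employee types)
    public HashSet<string> Features { get; init; } = new(StringComparer.OrdinalIgnoreCase);
}

public static class FeatureAuthorization
{
    public const string EmployeeCases = "EmployeeCases";   // adds a navigation page
    public const string Forecast = "Forecast";             // extends existing pages
    public const string Users = "Users";                   // user and feature management

    // May the user see the page, or page content, guarded by this feature?
    public static bool HasFeature(WebUser user, string feature) => user.Type switch
    {
        UserType.Supervisor => true,                                             // no restriction
        UserType.Administrator => string.Equals(feature, Users,
                                                StringComparison.OrdinalIgnoreCase), // users only
        _ => user.Features.Contains(feature),                                    // assigned toggles
    };

    // May the user assign or revoke features of other users?
    public static bool CanManageFeatures(WebUser user) =>
        user.Type is UserType.Administrator or UserType.Supervisor
        || user.Features.Contains(Users);
}
```

Every page and every piece of feature-dependent page content should go through a check like HasFeature on the server side as well; hiding a navigation entry in the UI alone does not stop a user from requesting the page directly.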
