OrderKo.com

Security foundation

Built to protect real restaurant operations.

OrderKo is designed so small restaurants can accept QR and kiosk orders without exposing staff tools, credentials, or operational data to customers.

Restaurant-scoped data

Menus, orders, staff credentials, and operational controls are tied to a restaurant record, so each business's data stays isolated from every other restaurant on the platform.

Protected staff areas

Cashier, kitchen, admin, and super-admin screens use server-side session checks instead of being public dashboards.
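How the two points above fit together, as an added illustration that is not OrderKo's own code: a staff screen resolves the caller's identity, role and restaurant from a server-side session store, and the restaurant filter on data queries comes from that session rather than from anything the client sends. The staff table, order rows, session store and the unscoped anti-pattern function are constructed for the example; only the role names come from the page.

```python
"""Server-side session checks and restaurant-scoped data access.

Added illustration, not OrderKo's code. The staff table, order table and
session store are constructed in-memory stand-ins.
"""
import secrets
from typing import Optional

# Constructed sample data: two restaurants plus a platform-wide super-admin.
STAFF = {
    "alice": {"restaurant_id": 1, "role": "cashier"},
    "bob": {"restaurant_id": 2, "role": "admin"},
    "ops": {"restaurant_id": None, "role": "super-admin"},
}
ORDERS = [
    {"id": 10, "restaurant_id": 1, "total": 12.50},
    {"id": 11, "restaurant_id": 2, "total": 30.00},
    {"id": 12, "restaurant_id": 1, "total": 8.25},
]

# Server-side session store. The browser holds only the opaque token;
# identity, role and restaurant are looked up here on every request.
SESSIONS: dict = {}


class Forbidden(Exception):
    """Raised when a request has no valid session or an insufficient role."""


def login(username: str) -> str:
    """Start a session once credentials were checked elsewhere (assumed)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def require_role(token: Optional[str], allowed: set) -> dict:
    """Resolve the session server-side and enforce the screen's role list."""
    username = SESSIONS.get(token) if token else None
    if username is None:
        raise Forbidden("no valid session")
    staff = STAFF[username]
    if staff["role"] not in allowed:
        raise Forbidden(f"role {staff['role']} may not open this screen")
    return staff


def can_access(token: Optional[str], allowed: set) -> bool:
    """Boolean form of require_role, convenient for checks and tests."""
    try:
        require_role(token, allowed)
        return True
    except Forbidden:
        return False


def list_orders_unscoped(restaurant_id: int) -> list:
    """Anti-pattern: trusts a restaurant id sent by the client, so any caller
    can read any restaurant's orders by changing one number in the request."""
    return [o for o in ORDERS if o["restaurant_id"] == restaurant_id]


def list_orders(token: Optional[str]) -> list:
    """Order list for cashier/admin screens. The restaurant filter comes from
    the session, never from the request, so one tenant cannot reach another's rows."""
    staff = require_role(token, {"cashier", "admin", "super-admin"})
    if staff["role"] == "super-admin":
        return list(ORDERS)
    return [o for o in ORDERS if o["restaurant_id"] == staff["restaurant_id"]]
```

The difference between the two list functions is the whole point: in the scoped version there is no request parameter an attacker can change to cross into another restaurant's data.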

Hashed staff PINs

Staff PINs are stored as hashes, not readable values, and new PINs must avoid common weak patterns.
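What "hashed" and "avoid common weak patterns" can look like in practice, as an added example that is not OrderKo's code: a fresh random salt per PIN, a deliberately slow key-derivation function, a constant-time comparison on verify, and a set of structural checks (identical digits, ascending or descending runs, repeated halves, a blocklist) applied before a new PIN is accepted. The storage format, length bounds, iteration count and blocklist are assumptions. The caveat a practitioner should keep in mind: a short numeric PIN has very little entropy, so the per-guess cost of the hash together with login throttling is what protects a leaked table, not the hashing alone.

```python
"""Hashed staff PINs with weak-pattern rejection.

Added example, not OrderKo's code; standard library only. The storage
format, length bounds and weak-pattern rules are assumptions.
"""
import hashlib
import hmac
import secrets
from typing import Optional

MIN_LEN, MAX_LEN = 4, 8  # assumed PIN length bounds
# A 4-digit PIN has at most 10,000 values, so the per-guess cost of the KDF
# (plus login throttling) is what makes a leaked hash table hard to invert.
KDF_ITERATIONS = 200_000
# Assumed blocklist of PINs common in public breach data; extend in deployment.
COMMON_PINS = {"0000", "1234", "1111", "2580", "1212", "2222",
               "123456", "654321", "111111", "000000"}


def weak_pin_reason(pin: str) -> Optional[str]:
    """Return why a PIN is rejected, or None if it is acceptable."""
    if not (pin.isascii() and pin.isdigit()):
        return "digits only"
    if not MIN_LEN <= len(pin) <= MAX_LEN:
        return f"length must be {MIN_LEN}-{MAX_LEN} digits"
    if len(set(pin)) == 1:
        return "all digits identical"
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):  # 1234, 4321, 7890 (steps wrap mod 10)
        return "sequential digits"
    half = len(pin) // 2
    if len(pin) % 2 == 0 and pin[:half] == pin[half:]:  # 5858, 123123
        return "repeated pattern"
    if pin in COMMON_PINS:
        return "commonly used PIN"
    return None


def hash_pin(pin: str) -> str:
    """Reject weak PINs, then store salt + PBKDF2-HMAC-SHA256 digest (assumed format)."""
    reason = weak_pin_reason(pin)
    if reason:
        raise ValueError(f"weak PIN: {reason}")
    salt = secrets.token_bytes(16)  # fresh per PIN, so equal PINs hash differently
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS)
    return f"pbkdf2_sha256${KDF_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_pin(pin: str, stored: str) -> bool:
    """Constant-time comparison against the stored record; malformed records fail closed."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)
```

Storing the iteration count alongside the digest lets the cost be raised later without invalidating existing records: old hashes keep verifying at their recorded cost, and the next PIN change picks up the new value.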

Login throttling

Staff and super-admin login attempts are rate limited to reduce brute-force guessing risk.

Safer order submission

Customer order creation is validated, duplicate submissions are blocked, and submission bursts are rate limited.
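One way to implement both the login throttling above and the validated, de-duplicated, rate-limited order path, as an added example that is not OrderKo's code: a sliding-window limiter keyed per account and per source address for staff logins, the same limiter keyed per client for order bursts, server-side validation that prices items from the menu rather than from the request, and a fingerprint (client idempotency key if supplied, otherwise a hash of the canonical body) that turns a double-tapped submit into a reference to the existing order instead of a second one. The limits, windows, menu, in-memory stores and the verify callback are assumptions; a deployment would back the counters and the seen-order table with a shared store.

```python
"""Rate limiting for staff logins and order bursts, plus duplicate-order blocking.

Added example, not OrderKo's code. Limits, windows, the menu and the
in-memory stores are constructed assumptions for illustration.
"""
import hashlib
import json
import time
from collections import defaultdict, deque
from typing import Callable


class RateLimiter:
    """Sliding window: at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit: int, window: float,
                 clock: Callable[[], float] = time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.events = defaultdict(deque)

    def allow(self, key: str) -> bool:
        now = self.clock()
        q = self.events[key]
        while q and now - q[0] >= self.window:  # drop events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Assumed limits: per account and per source IP for login, per client for orders.
LOGIN_BY_USER = RateLimiter(limit=5, window=300)
LOGIN_BY_IP = RateLimiter(limit=20, window=300)
ORDER_BURST = RateLimiter(limit=5, window=60)


def staff_login(username: str, pin: str, ip: str,
                verify: Callable[[str, str], bool]) -> str:
    """Returns 'throttled', 'denied' or 'ok'. Every attempt counts, success or
    not, and the limiter runs before the (slow) PIN check, so throttled
    requests never reach the credential verifier."""
    if not LOGIN_BY_IP.allow(ip) or not LOGIN_BY_USER.allow(username.lower()):
        return "throttled"
    return "ok" if verify(username, pin) else "denied"


MENU = {1: ("burger", 8.50), 2: ("fries", 3.00)}  # constructed sample menu
DUPLICATE_WINDOW = 120  # seconds within which an identical submission is a retry
SEEN_ORDERS = {}  # fingerprint -> (order id, time first seen)
_order_ids = iter(range(1000, 10**6))


def validate_order(order: dict) -> list:
    """Server-side checks; prices and item identity come from MENU, not the client."""
    errors = []
    items = order.get("items")
    if not isinstance(items, list) or not items:
        errors.append("items required")
    else:
        for it in items:
            if not isinstance(it, dict) or it.get("menu_id") not in MENU:
                errors.append(f"unknown item: {it!r}")
            elif type(it.get("qty")) is not int or not 1 <= it["qty"] <= 20:
                errors.append(f"bad qty for item {it['menu_id']}")
    if not isinstance(order.get("table"), str) or not order["table"].strip():
        errors.append("table required")
    return errors


def fingerprint(order: dict, client_key: str) -> str:
    """Client idempotency key if present, else a hash of the canonical body."""
    key = order.get("idempotency_key") or json.dumps(
        order, sort_keys=True, separators=(",", ":"), default=str)
    return hashlib.sha256(f"{client_key}\0{key}".encode()).hexdigest()


def submit_order(order: dict, client_key: str) -> dict:
    """Cheapest checks first: burst limit, then validation, then duplicate check."""
    if not ORDER_BURST.allow(client_key):
        return {"status": "throttled"}
    errors = validate_order(order)
    if errors:
        return {"status": "rejected", "errors": errors}
    fp, now = fingerprint(order, client_key), time.monotonic()
    seen = SEEN_ORDERS.get(fp)
    if seen and now - seen[1] < DUPLICATE_WINDOW:
        return {"status": "duplicate", "order_id": seen[0]}  # same order, not a new one
    order_id = next(_order_ids)
    SEEN_ORDERS[fp] = (order_id, now)
    total = sum(MENU[i["menu_id"]][1] * i["qty"] for i in order["items"])
    return {"status": "created", "order_id": order_id, "total": round(total, 2)}
```

Two ordering decisions matter here. The login limiter runs before the PIN hash is computed, so an attacker who is already throttled cannot use the slow KDF against the server. The duplicate check is bounded by a time window, so a genuine repeat order from the same table later in the day is still accepted.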

Production health checks

Public health checks confirm service status without exposing database connection details in production responses.

Security roadmap

OrderKo already has a practical MVP security foundation. These are the next upgrades planned as more restaurants join and operational risk increases.

  • Owner accounts with stronger identity controls
  • Two-factor authentication for operators
  • Expanded audit logs for sensitive admin changes
  • Formal incident response and security review process