Privacy policy
My general approach to your privacy is to know as little as possible,
but I still do have access to some information, here is a quick overview.
If you have any questions about any details, feel free to checkout the
source repo or shoot me an email, both are linked in the footer.
Logs
This is at the very top because it affects every visitor.
I do currently have default apache access logging turned on, so every
time you request a page I log it in the Common Log Format,
you can learn more about it
here.
But to sum up the information you are most likely to be interested in:
I know which IP address requested what page at what time.
Cookies
I do not save any cookies by default, but some actions on this
site might set the PHPSESSID cookie. You may learn more about when,
why and what it stores below.
PHPSESSID
-
When?
This cookie gets set when you log into your account.
-
Why?
I need to store the information about the logged in user somewhere,
I do that on the server in a so-called session (which is basically a
storage of data that is unique for each visitor). And for the server to
know which session belongs to which user it gives those users which
do have an active session a unique ID that can be used to connect you
to your data. This can be obviously used to track you across the site,
so I only set it when absolutely neccesary.
-
What?
The session only contains the User class for the currently
logged-in user. It has the following properties:
- user_id
- user_name
- permissions
You can learn more about what they mean in the
Database section.
Database
If you want to see the details, feel free to have a look at the sql file
in the source code repo (linked in footer). But here I shall provide a
quick overview of all the data I store about every registered user:
-
user_id
Unique id of the user, it is used as a
primary key
for the table.
-
username
This is the username the user chose at registration.
-
password
This is the string representation of your passw- I'm just kidding,
it is the hash of your password as produced by the php password_hash()
function, I use the default algorithm, which is currently CRYPT_BLOWFISH.
-
created_at
This is the timestamp at creation of the account.
-
permissions
I use this to decide what user can do what, currently it is only
used to allow me to post blogs.
And that should be all! I will try to update this page as needed, but
if something seems off to you do shoot me an e-mail!