personal-website/docs/www/privacy.php

91 lines
3.1 KiB
PHP

<?php
display_header("Privacy policy");
?>
<article>
<h2> Privacy policy </h2>
My general approach to your privacy is to know as little as possible,
but I still do have access to some information, here is a quick overview.
If you have any questions about any details, feel free to checkout the
source repo or shoot me an email, both are linked in the footer.
<h3 id="Logs"> Logs </h3>
This is at the very top because it affects <b>every visitor</b>.
I do currently have default apache access logging turned on, so every
time you request a page I log it in the Common Log Format,
you can learn more about it
<a href="https://httpd.apache.org/docs/current/logs.html#common">here</a>.
But to sum up the information you are most likely to be interested in:
I know <b>which IP</b> address requested <b>what page</b> at <b>what time</b>.
<h3 id="Cookies"> Cookies </h3>
I do not save any cookies by default, but some actions on this
site might set the PHPSESSID cookie. You may learn more about when,
why and what it stores below.
<h4 style="margin-bottom: 8px;"> PHPSESSID </h4>
<ul>
<li>
<b> When? </b>
This cookie gets set when you log into your account.
</li>
<li>
<b> Why? </b>
I need to store the information about the logged in user somewhere,
I do that on the server in a so-called session (which is basically a
storage of data that is unique for each visitor). And for the server to
know which session belongs to which user it gives those users which
do have an active session a unique ID that can be used to connect you
to your data. This can be obviously used to track you across the site,
so I only set it when absolutely neccesary.
</li>
<li>
<b> What? </b>
The session only contains the User class for the currently
logged-in user. It has the following properties:
<ul>
<li> user_id </li>
<li> user_name </li>
<li> permissions </li>
</ul>
You can learn more about what they mean in the
<a href="#Database">Database</a> section.
</li>
</ul>
<h3 id="Database"> Database </h3>
If you want to see the details, feel free to have a look at the sql file
in the source code repo (linked in footer). But here I shall provide a
quick overview of all the data I store about every registered user:
<ul>
<li>
<b>user_id</b>
Unique id of the user, it is used as a
<a href="https://en.wikipedia.org/wiki/Primary_key">primary key
</a> for the table.
</li>
<li>
<b>username</b>
This is the username the user chose at registration.
</li>
<li>
<b>password</b>
This is the string representation of your passw- I'm just kidding,
it is the hash of your password as produced by the php password_hash()
function, I use the default algorithm, which is currently CRYPT_BLOWFISH.
</li>
<li>
<b>created_at</b>
This is the timestamp at creation of the account.
</li>
<li>
<b>permissions</b>
I use this to decide what user can do what, currently it is only
used to allow me to post blogs.
</li>
</ul>
<p>
And that should be all! I will try to update this page as needed, but
if something seems off to you <b>do shoot me an e-mail!</b>
</p>
</article>
<?php
include_once($COMMONS."/footer.php");
?>