--- Privacy --- Andrés Gómez Casanova --- 2009-07-20 ---

Privacy in detail

Logging details

The event registry or logging is configured in the logback.xml file. The official distribution of this software (the stable release) has a particular configuration that sends the logs to just one place:

  • Prints the log messages in the standard output, normally being the screen. The messages printed has a WARN or ERROR level in the application.

For continuously improvement of the application, there is another configuration ready to be used.

  • This configuration will send the logs to a file, and the messages will have a more detailed level of logging, but for just one part of the application. That part is related to the graph creation, and other related parts that don't handle sensible information (the information that the user is writing in the application.) That configuration could be activated at any time by removing the comments marks in the logback configuration file.

    The file generated is called sa.log and the log level of the messages are INFO, WARN and ERROR. WARN and ERROR is the same as used in the standard output. INFO is just for some parts of the application.

JAR sealed

The distribution files are a zip or a tar.gz, and them, they contain a jar file inside that is called in order to execute the application. Actually, the application itself is contained in that file. In order to prevent modifications that could change the operation of the application, that file is sealed that means that all the necessary classes are stored there, and an external class cannot be part of the packages defined there. This is useful when you try to use this file as a library of a bigger application.

Java

Many classes and methods are final, so there is no possibility to extend a class or override a method and to change its behavior.

Execution

This application does not control the command execution. This part is delegated to the CLP which performs the semantic analyze, and in this way, it controls the connection state, the work environment, etc,

With this feature, the application cannot modify or corrupt your data, because it does not understand when there is established connection, or if a statement is valid or invalid.

Exceptions

The application's exceptions don't carry sensible information. They only have information about the problem, but they don't contain other type of information. If they can eventually carry such type of information, a descriptive message is written next to the exception's throw.

Only exceptions that are not part of the application could eventually contain sensible information, however this is a very particular case because the data is well treated, and exceptions are always catched.