Date: Wed, 2 Apr 2003 11:17:30 +0200
From: "Peter J. Holzer" <hjp@....ac.at>
To: bugtraq@...urityfocus.com
Subject: Re: Oracle JDBC: Inconsistent handling of timestamps

On 2003-03-31 10:48:05 +0200, Peter Conrad wrote:
> Certain java.sql.Timestamp values aren't written to (or retrieved from)
> the database correctly. Timestamps affected are in the time interval just
> before switchover from DST to non-DST (the bug was noticed on 
> October 27th 2002 for the first time, when the switchover from MET/DST to MET
> took place). Various timestamp values in the range
> 2:00 AM - 2:59:59 AM (MET/DST) on October 27th 2002 as well as on October
> 26th 2003 have been verified to reproduce the bug, with the database as
> well as the JDBC client running in MET.
[...]
>     Timestamp problem = new Timestamp(1067130000000L); // 26.10.03 02:00 MET/DST

That's a general problem with daylight savings time. On the switch from
DST to standard time, one hour (02:00:00 .. 03:00:00 in the case of MET)
occurs twice. If a timestamp is stored in the local timezone but without
timezone information, this information is ambiguous. 

This is not Oracle-specific but would happen with any database which
stores timestamps in "human readable" form without timezone information.

If you need to store unambiguous timestamps, use UTC or a numeric 
"units since the epoch" format (like POSIX time_t or Java millis).

What's nasty about your sample code is that you specify the timestamp in
Java millis, but it isn't stored that way. It is easy for a programmer
to forget about the type conversion and possible loss of information.

	hp

-- 
   _  | Peter J. Holzer      | Our universe would be sadly
|_|_) | Sysadmin WSR / LUGA  | insignificant if it did not hold new
| |   | hjp@....ac.at        | problems ready for every generation.
__/   | http://www.hjp.at/   |	-- Seneca, naturales quaestiones
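
The ambiguity described in the reply above, as an added example that is not part of the original post or of any Oracle code: the millis value from the quoted sample and a constructed value one hour earlier are reduced to a zone-less local string, and reading that string back has to pick between two instants. The class and method names are hypothetical, and Europe/Vienna is assumed as a stand-in for the "MET" zone named in the thread.

```java
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;

public class DstOverlapDemo {
    // Assumption: Europe/Vienna stands in for the "MET" zone named in the thread.
    static final ZoneId ZONE = ZoneId.of("Europe/Vienna");
    static final DateTimeFormatter NO_ZONE =
            DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");

    // What a zone-less "human readable" column keeps: wall-clock fields only.
    static String storeWithoutZone(long epochMillis) {
        return LocalDateTime.ofInstant(Instant.ofEpochMilli(epochMillis), ZONE)
                .format(NO_ZONE);
    }

    // Reading the string back forces a choice of UTC offset. Inside the
    // DST overlap there are two valid choices; both are returned here.
    static long[] candidates(String stored) {
        ZonedDateTime z = LocalDateTime.parse(stored, NO_ZONE).atZone(ZONE);
        return new long[] {
            z.withEarlierOffsetAtOverlap().toInstant().toEpochMilli(),
            z.withLaterOffsetAtOverlap().toInstant().toEpochMilli()
        };
    }

    public static void main(String[] args) {
        long fromPost = 1067130000000L;           // value from the quoted sample code
        long hourBefore = fromPost - 3_600_000L;  // constructed: one hour earlier
        for (long millis : new long[] {hourBefore, fromPost}) {
            String stored = storeWithoutZone(millis);
            long[] c = candidates(stored);
            System.out.printf("%d -> '%s' -> %d or %d (ambiguous=%b)%n",
                    millis, stored, c[0], c[1], c[0] != c[1]);
            // The UTC rendering of the same instant keeps the two values distinct.
            System.out.println("  as UTC text: " + Instant.ofEpochMilli(millis));
        }
    }
}
```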
