Re: Oracle JDBC: Inconsistent handling of timestamps

From: Peter J. Holzer (hjp@wsr.ac.at)
Date: 04/02/03

    Date: Wed, 2 Apr 2003 11:17:30 +0200
    From: "Peter J. Holzer" <hjp@wsr.ac.at>
    To: bugtraq@securityfocus.com
    
    
    

    On 2003-03-31 10:48:05 +0200, Peter Conrad wrote:
    > Certain java.sql.Timestamp values aren't written to (or retrieved from)
    > the database correctly. Timestamps affected are in the time interval just
    > before switchover from DST to non-DST (the bug was noticed on
    > October 27th 2002 for the first time, when the switchover from MET/DST to MET
    > took place). Various timestamp values in the range
    > 2:00 AM - 2:59:59 AM (MET/DST) on October 27th 2002 as well as on October
    > 26th 2003 have been verified to reproduce the bug, with the database as
    > well as the JDBC client running in MET.
    [...]
    > Timestamp problem = new Timestamp(1067130000000L); // 26.10.03 02:00 MET/DST

    That's a general problem with daylight savings time. On the switch from
    DST to standard time, one hour (02:00:00 .. 03:00:00 in the case of MET)
    occurs twice. If a timestamp is stored in the local timezone but without
    timezone information, this information is ambiguous.

    This is not Oracle-specific but would happen with any database which
    stores timestamps in "human readable" form without timezone information.

    If you need to store unambiguous timestamps, use UTC or a numeric
    "units since the epoch" format (like POSIX time_t or Java millis).

    What's nasty about your sample code is that you specify the timestamp in
    Java millis, but it isn't stored that way. It is easy for a programmer
    to forget about the type conversion and possible loss of information.

            hp

    -- 
       _  | Peter J. Holzer      | Our universe would be sadly
    |_|_) | Sysadmin WSR / LUGA  | insignificant if it did not hold new
    | |   | hjp@wsr.ac.at        | problems ready for every generation.
    __/   | http://www.hjp.at/   |	-- Seneca, naturales quaestiones
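
The ambiguity described in the reply above, as an added example that is not part of the original message and is not Oracle's JDBC code: it uses only `java.time` to model a column that keeps local wall-clock fields without a zone. The class and helper names, the `Europe/Vienna` zone standing in for "MET", and the sample instants are assumptions constructed for the illustration.

```java
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZonedDateTime;

public class DstAmbiguityDemo {
    // Assumption: Europe/Vienna stands in for the thread's "MET" zone.
    static final ZoneId ZONE = ZoneId.of("Europe/Vienna");

    // Writing: a zone-less column keeps only the local wall-clock fields.
    static LocalDateTime toColumn(long epochMillis) {
        return LocalDateTime.ofInstant(Instant.ofEpochMilli(epochMillis), ZONE);
    }

    // Reading: the offset has to be guessed; java.time picks the earlier
    // (DST) offset when the wall-clock value falls in the repeated hour.
    static long fromColumn(LocalDateTime stored) {
        return ZonedDateTime.of(stored, ZONE).toInstant().toEpochMilli();
    }

    // True when the wall-clock value maps to more than one instant.
    static boolean isAmbiguous(LocalDateTime stored) {
        return ZONE.getRules().getValidOffsets(stored).size() > 1;
    }

    public static void main(String[] args) {
        // Constructed sample instants, one hour apart, around the 2003 switchover.
        long[] samples = {
            Instant.parse("2003-10-25T23:30:00Z").toEpochMilli(), // before the repeated hour
            Instant.parse("2003-10-26T00:30:00Z").toEpochMilli(), // first pass (DST)
            Instant.parse("2003-10-26T01:30:00Z").toEpochMilli(), // second pass (standard)
        };
        for (long millis : samples) {
            LocalDateTime column = toColumn(millis);
            long readBack = fromColumn(column);
            System.out.printf("millis=%d column=%s ambiguous=%b roundTripOk=%b%n",
                    millis, column, isAmbiguous(column), readBack == millis);
        }
        // Storing the millis themselves (or a UTC wall clock) keeps every
        // instant distinct; the zone-less local column merges the last two.
        System.out.println("distinct as millis: " + (samples[1] != samples[2]));
        System.out.println("distinct as column: "
                + !toColumn(samples[1]).equals(toColumn(samples[2])));
    }
}
```

The same check applies to log and audit timestamps: two events an hour apart in the repeated hour become indistinguishable once only the local wall-clock value is kept.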
    
    


