Search the archives!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Potential (security) problems with System.currentTimeMillis()?
- From: kreilede@xxxxxxxxxxxxxxxxxxxxxx (Juergen Kreileder)
- Subject: Potential (security) problems with System.currentTimeMillis()?
- Date: 29 Jan 2000 02:16:32 +0100
>>>>> Benjamin Johnston writes:
Benjamin> I have always automatically assumed that
Benjamin> System.currentTimeMillis() would only increase (I didn't
Benjamin> check, and didn't think to check). After noticing the
Benjamin> defined return value of this function I began to
Benjamin> question that "fact". System.currentTimeMillis()
Benjamin> returns: "the difference, measured in milliseconds,
Benjamin> between the current time and midnight, January 1, 1970
Benjamin> UTC."
Benjamin> I did some testing, and it turns out that this
Benjamin> assumption was false (on the Win32 VM distributed with
Benjamin> JBuilder Foundation (run on Windows98)).
Benjamin> If the system time is adjusted backwards,
Benjamin> System.currentTimeMillis() will suddenly "jump"
Benjamin> backwards.
Which still is correct wrt the specification.
Benjamin> If the system time is adjusted backwards one hour,
Benjamin> Thread.sleep(1000) can take an hour to execute. (It
Yep, if the implementation does an absolute wait, i.e. if it
implements that as 'sleep until current time + 1000 millis'. It's
a known bug.
Benjamin> doesn't appear to be affected by setting the clock
Benjamin> forward though (only a limited amount of tests though)).
Benjamin> I haven't tried much else, but I presume wait() and
Benjamin> various other time related functions would have the same
Benjamin> problem.
This depends on the implementation: E.g. the native threads
implementations on Linux does not suffer from this problem because the
called thread library function does a relative wait. OTOH, the green
thread implementation fails because it does an absolute wait.
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://www.blackdown.org/java-linux.html
---
To unsubscribe, mail advanced-java-unsubscribe@xxxxxxxxxxxxxxxx
To get help, mail advanced-java-help@xxxxxxxxxxxxxxxx
- References:
- Potential (security) problems with System.currentTimeMillis()?
- From: Benjamin Johnston
- Potential (security) problems with System.currentTimeMillis()?
- Prev by Date: Applet Nirvana - reduced load time via Appstream
- Next by Date: Pls. suggest a free Java Editor / IDE for Win 95/NT
- Previous by thread: Potential (security) problems with System.currentTimeMillis()?
- Next by thread: Potential (security) problems with System.currentTimeMillis()?
- Index(es):