#1
    Getting Time Verification without contacting server


    Hi, I'm not sure where to put this, as I guess it could go in several sections. I have someone working on a project through Elance. The program is kind of private, so I don't want to release exact details, but part of the program needs to check the PostgreSQL database, see how long ago the last record was, and run a script if the last record was <= 60 mins and run another script if it was > 60 mins.

    Now if I use the time clock on Windows, then if people change the clock, which they can easily do, it messes things up. If I contact my server to get the time, then people would also get really upset that the program is contacting a server, for security issues (would contacting a server like the Windows time server be less of a security risk to people?). There is also the problem of what happens if the connection to the internet is disrupted when we use internet time. So I'm wondering if there is another way around this that we can use to accurately figure out when the last record was, and basically have a script run if it is >= 60 mins since that last record in PostgreSQL?
  2. #2
    I am pretty sure that PostgreSQL can launch its own jobs, and in any case you can create a process on the server (the same one that runs Postgres) to do the same thing. You should only care about the clock relative to Postgres, which means whatever does the checking needs to reside on the same server. Why do you want to run this remotely anyway?

    My blog, The Fount of Useless Information http://sol-biotech.com/wordpress/
    Free code: http://sol-biotech.com/code/.
    Secure Programming: http://sol-biotech.com/code/SecProgFAQ.html.
    Performance Programming: http://sol-biotech.com/code/PerformanceProgramming.html.
    LinkedIn Profile: http://www.linkedin.com/in/keithoxenrider

    It is not that old programmers are any smarter or code better, it is just that they have made the same stupid mistake so many times that it is second nature to fix it.
    --Me, I just made it up

    The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man.
    --George Bernard Shaw
  4. #3
    OK, bear in mind I'm not too familiar with how PostgreSQL runs and I'm just trying to find the best way to get this to work.

    My understanding is that, since the PostgreSQL database is run on localhost 127.0.0.1, when a record appears in PostgreSQL it uses the Windows time? Is this correct?

    If this is correct, then say the last record appeared right now at 10:00am, and then at 10:30 someone changed the time to 11:00am, and then the PostgreSQL database created another record. Only 30 mins have passed, from 10:00 to 10:30am, but since the time was put forward 30 mins at 10:30, the 2 records are:
    10:00am
    11:00am

    So it wrongly assumes it's a 1 hour difference and runs the script when it shouldn't for another 30 mins.

    Or do you mean PostgreSQL has its own clock separate from the Windows clock, and if so, how easy is it to change this clock? What about the BIOS, is that separate from Windows time, and can that be accessed?

    I would prefer not to connect to a remote server to get the time, but I think I need to since the Windows clock can be manipulated. Would it be a security risk if the application contacted an official server like Windows time, if I'm forced to use that solution?
  6. #4
    Security risk is entirely up to your security people.

    I am not clear where your db resides. If it is a local copy on the user's computer, then you simply have to accept you have no control over anything and come up with a solution that doesn't depend on accurate time. If it is on a remote, central computer that receives data from individuals' PCs, then it should rely on the server's clock and ignore anything it gets from the user.

    BTW, what is the big deal about running the script too often? If the script has nothing to do, it should just exit.
  8. #5
    This thread should be moved to the Software Design forum. It sounds like you could also use some Windows SDK assistance from MSDN as well.

    You can monitor for clock changes and maintain a clock skew value to determine the actual interval. But you really don't have to bother with that if you use timer call-backs. They are inherently interval timer based and immune to real-time clock (RTC) variances (but less accurate). So there are essentially two kinds of clocks you can use on a PC: one is the RTC and the other is an interrupt "tick" count that is basically a divider chain driven by the processor oscillator/clock. Most interval timers are implemented in terms of that processor clock, or hardware based interval timers that derive from the system oscillator, not the real-time clock. Over long periods, these timers tend not to be as accurate as the real-time clock is, but they almost always have higher resolution. For your 60 minute period, they typically drift by no more than a few seconds, but you can actually run an algorithm to compensate for any drift by checking the RTC; just don't use any RTC reading that is more than a minute different than what you derive from your timer, to make any adjustments to the number of ticks, milliseconds, or microseconds that your timer is based on.
    I no longer wish to be associated with this site.
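The interval-timer approach described in post #5, as an added example that is not part of the original thread: elapsed time comes from a monotonic tick counter, and the wall clock is used for drift correction only when it disagrees by a minute or less. `IntervalGuard`, `FakeClocks` and the constants are hypothetical names, and the sample clock values are constructed to replay the 10:00 / 10:30 scenario from post #3.

```python
import time

MAX_TRUSTED_SKEW = 60.0   # seconds; the "more than a minute" cutoff from post #5
THRESHOLD = 60 * 60       # the 60-minute decision boundary from the question


class IntervalGuard:
    """Measure elapsed time on a tick counter and cross-check the wall clock."""

    def __init__(self, monotonic=time.monotonic, wall=time.time):
        # Clock sources are injectable so the logic can be replayed in a test.
        self._mono, self._wall = monotonic, wall
        self.mark()

    def mark(self):
        """Call when a new record is written: remember both clock readings."""
        self._mono0, self._wall0 = self._mono(), self._wall()
        self.correction = 0.0     # last accepted drift adjustment, in seconds
        self.tampered = False

    def elapsed(self):
        """Seconds since mark(), with the tick counter as the authority."""
        ticks = self._mono() - self._mono0
        # Skew is cumulative since mark(), so repeated small clock edits
        # cannot add up to more than MAX_TRUSTED_SKEW of influence.
        skew = (self._wall() - self._wall0) - ticks
        if abs(skew) <= MAX_TRUSTED_SKEW:
            self.correction = skew    # plausible drift: adjust toward the RTC
        else:
            self.tampered = True      # clock was stepped: ignore the RTC
        return ticks + self.correction

    def script_to_run(self):
        return "recent" if self.elapsed() <= THRESHOLD else "stale"


class FakeClocks:
    """Constructed clock pair; wall starts at 10:00 as seconds of the day."""

    def __init__(self):
        self.mono, self.wall = 5000.0, 36000.0

    def advance(self, seconds):            # real time passing moves both
        self.mono += seconds
        self.wall += seconds

    def set_wall_forward(self, seconds):   # user edits the Windows clock
        self.wall += seconds
```

The monotonic baseline lives in process memory, so it does not survive a restart or reboot; after one, only the stored timestamps remain to compare.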
  10. #6
    Thread moved.
    Up the Irons
    What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
    "Death Before Dishonour, my Friends!!" - Bruce Dickinson, Iron Maiden Aug 20, 2005 @ OzzFest
    Down with Sharon Osbourne

    "I wouldn't hire a butcher to fix my car. I also wouldn't hire a marketing firm to build my website." - Nilpo
  12. #7
    One way to handle this is:
    1. Store all times in UTC (which is not subject to daylight savings at all) and translate to local time zone when displaying the information.
    2. Ask your server admins to run the NTP service, so that the clock always stays synchronized as much as possible. The NTP service doesn't make massive changes to the clock if it is out of sync. Instead it gradually increments or decrements the clock to sync it to the actual time. It is done that way so that jobs that depend on time will get a chance to properly run.
  14. #8
    Using UTC doesn't entirely solve the problem though. A user may arbitrarily change the clock. If the OP's application is a license scheme that rents time on an application by the hour, or keeps track of a contractor's presence in front of the web cam, simply using UTC won't prevent the user from cheating. And then there are those random user-related events where someone decides they want to time shift for a while and tries to do it by changing the clock on their computer (you just never know what they will do or why).

    Running NTP is a good idea, but most users don't know how to set it up properly and even admins tend to ignore the fact that their logs are littered with "NTP can't reach server <name here>". Some large shops have all of their clients sync'd up with the domain controller but fail to configure the domain controller to sync up with a reliable NTP server. Most folks rely on free services when it comes to NTP and like most things that are free, you get what you pay for.