I'm working with a WPF/C# app where I need to lock out users from accessing a particular feature for some amount of time. Basically, from the time a certain event happens, I want to prevent certain access for the next 24 hours.
The simple case:
All good. However, the user has the ability to change the system time, which royally screws me. They can simply set the system time 24 hours ahead and my app will be none the wiser.
I'm assuming that changing the time in Windows makes its way to the system's real time clock... so is there any free running timer that is independent of the system clock? One that the user can't mess with?
Any insight is appreciated.
It’s a 32-bit value representing the time the file was created, in the form of seconds since January 1, 1970 UTC. But starting in Windows 10, those timestamps are all nonsense.
Timestamps are values that specify a date and time combination. Applications that must handle timestamps typically store those timestamps in Universal Coordinated Time (UTC). The advantage of UTC is that UTC is universal. UTC isn't subject to local time zones or to DST. However, UTC is not user-friendly or relevant to most users.
UNIX timestamps are in seconds since January 1, 1970 UTC. It is a 32-bit number, the only 32-bit number in common use as a timestamp. November 26, 2002 at 7:25p PST = 0x3DE43B0C. If it’s a 32-bit value starting with “3”, it’s probably a UNIX time.
One of the fields in the Portable Executable (PE) header is called TimeDateStamp. It’s a 32-bit value representing the time the file was created, in the form of seconds since January 1, 1970 UTC.
Environment.TickCount doesn't change with system time changes but it resets on reboots. One option is an HTTPS secured web service and a certificate policy that does not allow certificate validation failures. Otherwise it would be pretty trivial to spoof the response from the service.
Back when I first started selling software I was very paranoid about piracy and such. Not that I'm suggesting your purposes is the same. But I came to the conclusion that people generally won't mess with their system time because it screws up so many other things on their computer that it's not worth the hassle. Naturally different applications will have different integrity requirements but I just thought I'd add this bit.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With