Quote:

---

Oh please.

The super user belongs to another user group and has access to more tables in the database. Just like you restrict user groups on your windows to have different restrictions(except that doesn't have anything to do with databases).

That modified client and decrypted sending theory is just mambo jambo.

---

A finished hand is probably saved in a backend database. A game server likely waits for the database to confirm this saving as a finished transaction. But it is not clear if the game server sends any data to the backend database before the hand is finished.

Large online poker houses would not likely have a simple client-server architecture. The game clients would rather talk to one of a whole cluster of middle-tier game servers. This is where I would be looking for a possible exploit, as such a game server would be responsible for deciding who wins a hand, giving all the clients their hole cards and so on. A developer that works with this middle-tier could possibly insert methods for test clients to access all data, without it being visible as either actions of game clients or as sql queries into a backend database.

Thus I don't think it is so unlikely that a 'superuser' client would exist. It would maybe look very much like the common gui any gamer sees in his client, but it would for instance have access to much more data, like all users hole cards.

There could be a whole range of clients with different degrees of privileges, ranging from the usual client to an administrative client ( with buttons for banning people, mute their chat), to an extremely powerful developer tool that has access to everything.

Edited by Matfrid (10/18/07 08:19 PM)

Post Extras