Two Plus Two Newer Archives  

#11
10-16-2007, 09:20 AM
Jimbo232
Re: Absolute Poker Scandal: An Inside Job

[ QUOTE ]
Can someone comment on the actual likelihood of an account that was created SO early in the Absolute alpha-testing process (so early as to be account ID 363) CONTINUING to possess "superuser" capabilities over the course of nearly 8 or 10 years (what with all the various software upgrades / fixes, etc)?

It's not that I'm not 100% convinced with all the evidence that we've collected to date. It's just that nearly every explanation given to this point starts with the premise that there's an account that was created VERY early on in the game that has hole-card viewing capability. It's possible that it's the original creator of that account who is a rogue programmer, but more likely that the real rogue guy is a more recently-employed programmer who just "discovered" this older superuser testing account (otherwise we'd have to believe that the original rogue programmer just "sat on" the superuser account for nearly 8 years before exploiting it). But can some systems-admin guys comment on just how realistic an assumption it is that a testing account that was created 8 whole years ago, when the Absolute software looked and functioned very, very differently than it does now, would CONTINUE to "work" through all the various upgrades, patches, software overhauls, etc, that have happened since Absolute's inception?

[/ QUOTE ]

Teddy - I know nothing of poker software security, but I do have plenty of experience as an SAP security consultant. In SAP and many other software platforms the "User" is a separate component from their "access" within the system. This is referred to as Role-based Access Control:

http://en.wikipedia.org/wiki/Role-Based_Access_Control

Roles or functions are maintained separately from the Users. Users must be assigned a role to be able to do anything within the system.

Purely speculating, if poker software used RBAC security - there would be an "End-User Role" that would be automatically assigned to every user id created through the normal sign-up process. This role would allow you to log in to the client, open a table, and perform all the functions necessary to play poker. Similarly, there could be other roles that provide more significant access - a developer role (allows access to source code), super-user role (can do anything), configuration role (allows changes to system settings), etc. The number and different types of roles would match the number of different functions needed to be performed within the system. Ideally, any powerful roles would be monitored closely and only exist within the dev and QA systems.

To avoid ranting too much, if the poker software uses RBAC security, the user may not have been "all-powerful" since the beginning of AP. This could be a support user id that was assigned the "Super-User" role at a later date giving the user id access beyond what it normally has.

Again, this is just a speculative scenario - I have no knowledge if poker software uses the RBAC security methodology.
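
Added example, not part of Jimbo232's post and not code from any poker site: a minimal RBAC model in which access comes from dated role grants rather than from the account itself, with an audit that flags privileged roles held outside dev/QA. All role names, user ids, dates and the `granted_by` values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical roles and permissions (assumptions, not from any real platform).
ROLE_PERMISSIONS = {
    "end_user": {"login", "open_table", "play_hand"},
    "configuration": {"login", "change_settings"},
    "super_user": {"*"},
}
PRIVILEGED_ROLES = {"configuration", "super_user"}
ALLOWED_PRIVILEGED_SYSTEMS = {"dev", "qa"}

@dataclass(frozen=True)
class Grant:
    user_id: int
    role: str
    system: str       # "dev", "qa" or "prod"
    granted_on: date
    granted_by: str

def permissions(user_id, system, grants, on):
    """Effective permissions come only from roles granted on or before `on`."""
    perms = set()
    for g in grants:
        if g.user_id == user_id and g.system == system and g.granted_on <= on:
            perms |= ROLE_PERMISSIONS[g.role]
    return perms

def audit_privileged(grants, created):
    """Flag privileged roles outside dev/QA and how old the account was at grant time."""
    findings = []
    for g in grants:
        if g.role in PRIVILEGED_ROLES and g.system not in ALLOWED_PRIVILEGED_SYSTEMS:
            age_days = (g.granted_on - created[g.user_id]).days
            findings.append((g.user_id, g.role, g.system, g.granted_by, age_days))
    return findings

# Constructed sample data: an old account that receives a powerful role years later.
CREATED = {1001: date(2000, 1, 10), 2002: date(2006, 5, 1)}
GRANTS = [
    Grant(1001, "end_user", "prod", date(2000, 1, 10), "signup"),
    Grant(2002, "end_user", "prod", date(2006, 5, 1), "signup"),
    Grant(2002, "super_user", "qa", date(2006, 6, 1), "qa_lead"),
    Grant(1001, "super_user", "prod", date(2007, 8, 1), "admin_x"),
]

if __name__ == "__main__":
    for finding in audit_privileged(GRANTS, CREATED):
        print(finding)
```

The audit keys on the grant record (who assigned the role, when, and on which system), which is the record to review when an old account turns out to hold powerful access.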