Hi everyone, Last night I discovered a very significant problem (Bug) with jpoker 2.0. I accidentally came upon this bug while performing some manual tests with multiple browsers and computers. I had the BOTS running and I was signed in with two user names (userA and userB) on a single computer. I was using two different browsers; one browser being IE and the other being Fire Fox. At some point during the routine one of the users is logged out. I forgot what user name is was before; so I took a guess and logged in with userA. During the next hand I witnessed both jpoker clients had identical hole cards! I thought, what the heck? I then realized that both browsers were logged in as, you guessed it, userA! I couldn't believe what I was seeing. I was also able to control userA's game from both browsers as well.
I spent several hours time trying different scenarios and I have found that it is possible to sign in with multiple browsers of a different type on one computer using the same user name. I could not replicate the bug when trying to login with the same user name from identical browser types. In these cases I received the expected "you are logged in some where else" alert. However, I could login using the same user name if I used the same browser type on a different network device. I could also login with the same user name from any network device using any browser type as long as it was not the same browser type on one particular device. At one point I had logged in with the same user name five times simultaneously. The consequences of such behavior is obvious; All an unscrupulous person would need to exploit this bug would be to gather as many user names and passwords as possible and sign into a game from anywhere; be playing in the game or not and see the other players hands as the game goes on! I tried to replicate the bug with poker-network 1.75 and jpoker 2.0 but could not. I placed a clean "temporary" install of jpoker 2.0 and poker-network 2.0 on my server and retested with similar results. The server is at http://pokr3d.com/jpoker. Give it a try! Good luck Larry
_______________________________________________ Pokersource-users mailing list [email protected] https://mail.gna.org/listinfo/pokersource-users
