As a developper I am very worried about one thing:
I saw that mostly the functions are clientside so a lot of verifications in my script are made clientside.
But the thing is that developpers should never trust the client so my question is: is there any protections against spoofing values/cheating/running functions in the platform?
I would like to make my own gamemode but I’m not feeling conformtable with the idea of cheating/spoofing.
I also saw that there is also a lot of while true do loops in people scripts probably because the lack of client events, when I began programming I was told to never use this loop because it is resource intensive. Even if the Citizen.Wait function exists I do not feel conformtable with this loop too.
As a web developer, I develop my own server and I’m also asking myself questions about security. I knew the HTML/JS code of resources must only be used for display and the server lua script is secure but how about the client resource script ? Can a player see the source code or modify it to bypass verification?
For the loop in scripts, I think that is how we do the event programming in C ++ : create a new process not to block the script and do these tests in it. Correct me if I’m wrong !
@Nicolas_BROBST One thing is sure; we are able to spoof values thanks to softwares like Cheat Engine…
It was obvious that we could but there is no many ways to prevent that since we can’t compare them with serverside values. (natives are mostly clientside)
mean, you can compare them, but it’s useless in most cases. You really have only two options: either you find workarounds to the natives, or you make a native responder, I guess, if you want to call it that way. I mean, people say they have something like it, but you can’t really trust it without seeing it.