I’ve seen lua executors/dumpers that download all of the client sided code and was wondering if there’s any way of stopping or protecting the code against it?
Short answer is no.
And long answer is …? I remember someone talking about loading the client code from a file that isn’t recognized as a client script by the dumper and thus not downloaded by it?
Everything you send to the client can be retrieved by people, you can try to make it harder by loading it on the fly or obfuscating your code but at the end they will always get it. Try doing as much as you can on the server.
2 Likes
Damn that sucks, thanks for the reply.
@TheIndra Is C# /.NET affected by this problem too? Will they be able to decompile the DLLs even if I obfuscate them?
It’s not a ‘problem’, it’s inherent to sending files to users.
Of course any obfuscation is just obfuscation. The only way to prevent someone from ‘getting’ your logic is to not send them your logic in the first place.
1 Like
So, you’re saying that it would be better to implement most of the game logic server-side (like it was in SA-MP for instance), and avoid overusing client scripts?
Best practice is to have as much server side as possible.
Well, the server sided scripts are actually very limited (for good reason) and doesn’t contain as many options to do things as your client scripts have
I’d just say, your two options are:
- Don’t let anyone on your server you don’t trust with your client scripts
- Don’t make client scripts you don’t want your client-base to have.
This is just nature of client scripting. All client scripts will download to the player. Maybe you can make an feature request to select scripts to give to each player (from a server administration standpoint)…
Yeah Server-side was limited until One Sync infinity.
For good reason? What are you talking about? The more you can do server side the better. Which is why onesync is nice, and the ever growing list of natives that support client side functions for the server.
LOL I was just talking to bubble about this;
Well, fivem is p2p. Not having those resources to run on the server side are (apparently) better for the server. Which I can confirm resource wise is good. I have a very weak linux server on its last breath that’s been chugging along just fine as a fivem server due to the small resources.
That’s not to say functionality wise, I don’t wish this were the case.
Look at:
https://forum.cfx.re/t/possible-to-run-client-scripts-as-the-server/