You are aware that people can just use stuff in said “obfuscated” form, right, for it runs on the client and therefore can run if copied verbatim as well?
“Obfuscation” achieves nothing but trouble for the entire project’s ecosystem, and is also generally unattainable, since Lua bytecode is not enabled in CfxLua for security reasons, other “obfuscation” is trivial to bypass and reimplementing a whole bytecode interpreter would make client performance reduced by 5-10 times.
And again,
a) not the case at all
b) not if you put nearly all controlling logic on the server and only let client scripts do simple things as a result of state bag values
c) and if someone “knows what they are doing” why would they need to “dump” or whatever you call it other people’s scripts?
It’s not as simple as just running it on their server and it will work, they may need to make changes to said script or rebuild the server side before it is usable on their server which obfuscation would make more difficult. And what trouble does this achieve for the FiveM project?
a) Very much the case, you can do a lot server sided but you can’t do everything.
b) Yes, but I only suggested obfuscation to the OP because clearly he doesn’t know how to write his own scripts. I don’t use obfuscation myself I prefer better client performance. Now, thinking about it I’m not sure why he wants to protect his server from being dumped if he’s using public scripts.
c) You’d be surprised how messed up the leaking community is. They “crack” simple resources all the time which can be quite difficult so surely if they can do that they could have written the resources themselves. They just do it anyway.
Thank u Omar, love you
Sadly worrying about people stealing client files is a thing of the past, we now have to worry about them stealing all files, and yes, this does include stream files and server.lua files
Server files cannot be retrieved or dumped, the only way this would be possible is if one of your resources is exploitable to gain access to your server. Or if this is really an issue then report it to Cfx.re though I suspect this is more likely one of your resources.
It’s a common problem now, I did already report an “executor” that can dump server sided files such as stream files. You only have to look at these leaking websites to see how big the issue is. I’m surprised this hasn’t come to your attention yet
Stream files are not server sides files so yes those can be dumped as with anything send to the client.
Apologies to bring up an old (“dead”) topic, However still quite relevant discussion, Is this still the case with escrow now in play? Is it possible to dump escrowed stream files for example .ydd and .ydr etc and if so are they still escrowed when dumped for example? Thanks in advance 
They are still escrowed after the dump. So that’s your asnwer on how to protect them.
i got the same isue that there are web hooks they can grab so i have to do it somehow? what can i do?
Having webhooks in any client-script is such a dumb idea
yes i know but the problem is that it is in the config and you can dump it
…remove it from the config then. Ideally, if you really cannot live without configs, you should save stuff like that as convars.
How would you go about hiding locations of stuff?
Like coords? Just make it server-sided
No clue how to do that tbh.
then you have no reason to worry about it