What you see as well on the front end of things, was an actual nightmare on the back end. Obviously the general community member wouldn’t see that and I don’t expect them to understand that to be honest.
As I stated in my post and I will continue to post on each of the paid resources, please, if you see an issue flag it for moderator review. We are asking authors for source code to compare if there is complaints, we are taking action if it is needed.
You’re a member of this community, you’re welcome to express your opinion and feelings. I appreciate you doing it in a well thought out adult manner.
Selling to make extra money or getting paid for working is great and all.
But what if the creators locks the script? What if I can’t see the source code of that script? @TigoDEV also raised this same concern. What if there is a backdoor on server side script that downloads every script that your server has a sends via http request? What if someone has made a script such that you can remotely put in code as they wish? Like I’ve seen a-lot creators do that. You can basically remotely use your script to do anything you would like to do. And FiveM is promoting them to their homepage. This can seriously provoke some law suits if the owners of scripts get this seriously.
I also seen some of the scripts sending your current mysql connection strings to their webservers? Like what the hell is that? You are targeting legit customers that are trying to buy something and respect your work!
I also have seen CodeDesign’s JS encryption. I would simply not install that script thinking it can do a-lot of things that I can’t even imagine!
Lua itself is having a-lot things that can be used to gain a-lot of access.
Encryption is not part of this conversations, but still is a huge concern over “nice looking scripts”
Every effort is made by the moderators to ensure that these resources are as safe as possible. You as the end user assume the responsibility to ensure that you understand what you are purchasing, using and installing into your computer / server.
If you see something, say something to the moderators by flagging the script, explain the issue and allow us to take the wheel. The big issue we’re running into right now is individuals getting into dick measuring competitions on Paid Resource posts leading to a shit fest instead of doing what we’ve been asking on every single post and flagging it with the issue.
We will be taking swift and strong repercussions for individuals doing this.
Thank you for bringing this to our attention, we don’t always have the ability to catch these things. These are the type of things that we need to be flagged on and be properly reported. We’re looking into a few things now, thank you.
As we stated in a reply to TheDestroyer, if you or other FiveM moderators and management do contact us through discord directly, we will happily send you the source code unobfucated to show that it is all completely safe.
But you will fail at the point where you need to show them what you sell.
Example ;
If the unencrypted script says
print("Snail is cool")
and a encrypted script says
XXXXX|||X||S||F|F|F||||X|X|X|X|X|
How will you prove that those are the same version of scripts just in different form? Either you need to show source code of your encryption and how you encrypt scripts or you would need to sell the encrypted versions. You can edit my (bought) script whenever you want? After I have paid for it? Should not be the case in here.
I also found that you have not mentioned anything about Encryption/Remote Loading on any of your FiveM Posts as well as your store page, checkout page or anywhere. You have it well hidden under About page where no one would normally peak into. Let FiveM moderators decide what needs to be done with this type of case.
I have noted rather swift actions recently against those who are trying to pass off other peoples work as their own in an effort to make money. Good work with this!
Can we have a firm decision and full clarity on the matter of obfuscated code. I believe at the time of writing free releases are not allowed to be encrypted, however, those selling resources are free to encrypt and IP lock their work. I understand they may only be trying to protect their work, but it isn’t without issue.
It adds a greater workload on the moderation team who have to check everything.
IP locks are only as reliable as the system that checks them, they drop, the resources fail.
The sharing aspect of the community, adding their own spin on things and in lot’s of cases actually making resources better can no longer exist.
Providing unobfuscated code to a moderator doesn’t mean that that is the code being given to users for download! I can give you a set of files and claim what you are seeing is the full “clean” code only to get back to my other set of files which contain malicious content.
It’s ok saying the end-user has responsibility, but Cfx need to take responsibility too for what is becoming of the forums and the community.
Only because revoking this permission before an alternative enforced escrow solution exists would lead to even more complaining. We didn’t expect people to do this and I was informed much too late of moderators’ decisions to keep these topics open, nor was I aware of people’s intent to do such things beforehand.
Once an official solution exists, all existing resources being sold with custom licensing must move to said system.
Totally understand these things can creep up, and lack of, or barriers to communication certainly won’t help as you seem to point out.
Just to clarify your point about moving to “said system” is this moving to open source code with copyright licensing in place, or moving everyone to a single security system?
A “protection” system, sadly. We would love to be able to enforce auditable open code, but since there’s no way to automatically detect improperly used code (e.g. even detecting if someone renames all variables), and we have to compete with people selling their assets “underground” as well, such a system would have to be based on formal obfuscation (however implemented in less roundabout trashy ways than what is currently possible with sandboxing).
I don’t think a obfuscation system in and of itself it a bad idea people should be able to protect their work if they would like, however I believe that that the IP lock should be deeply looked into. It does provide a great deal of hassle for server owners. Just simply due to the fact that there can be locally hosted dev servers, or the IP of a server can change and its a pain to deal with. The whole authentication thing just becomes painful in my experience with it so far.
Perhaps a solution in regards would be some way of tying things into the keymaster? Where you could update “allowed” IP Addresses on the license key itself just an idea but what do I know. Anyway thanks for reading and have a great day!
Looking at them banning all gameservers other than zap, features gated behind Patreon keys and only allowing people to make money on code once they figured out how to get a percentage of the sale, we can safely assume that the object of the project is not what you think it is.
As for the topic, it would be nice to give paid content it’s own category so we could unfollow it and keep it from clouding our latest topics. As it stands, it’s not that hard to ignore, however.
I believe, that anyone new post that has [PAID] [PAID RESOURCE] should need to be approved by moderators after a look through of the code making sure it actually fits the price and isn’t copy and pasted code.
That’s the last thing a free market system needs. If you don’t feel it’s worth the price, don’t buy it. The last thing a paid system needs is some gatekeeper that tells them they’re release isn’t worth what they’re asking like they’re supposed to start haggling for a price that’s deemed acceptable by the overlords.
Just don’t buy the resource if you aren’t impressed by it.
Yes but not everyone knows each and every script. For example someone could find a cool script that is not very popular and then just sell it for more and a decent amount of people would not even know.
