search

multitheftauto / mtasa-resources

This project maintains a list of up-to-date resources that come with Multi Theft Auto.
https://multitheftauto.com
MIT License
151 stars 151 forks source link

basic security resource as a foundation #528

Closed ffsPLASMA closed 1 month ago

ffsPLASMA commented 1 month ago

As the notes say, this resource aims to be a barebone security foundation for server owners to enhance and adapt on for their personal gamemodes. As recent times showed, security needs to be highlighted more and this resource should give a base start point for developers to work on. It only covers the most basic events and logs them.

Fernando-A-Rocha commented 1 month ago

You are basically implementing these principles https://wiki.multitheftauto.com/wiki/Script_security

Fernando-A-Rocha commented 1 month ago

I suggested this on mta dev discord and people discussed it. Some said it is not enough to make a server secure, that is correct, it's a foundation as PLASMA stated here in this PR. I believe it makes sense to have this resource in the default resources pack. It's essential nowadays on all servers.

Fernando-A-Rocha commented 1 month ago

Previous discussion here: https://discord.com/channels/801330706252038164/801407272483291136/1248315073844220084

ffsPLASMA commented 1 month ago

Yes its not a solution to cheating, nor should it be considered. its just a base with some useful events to catch potential abusive players and build upon it. I always wondered why nothing of such sorts were included by default.

Dutchman101 commented 1 month ago

I get the intent here but I really don't see this as a useful resource. If all it is doing is logging potentially problematic behavior. For this to be useful, it should really be integrated into admin/admin2 and take some action by default.

This is just the beginning, after we see results from varying servers and gamemodes, the logging sensitivity may be tweaked to the point it's suitable for violation to lead to an action (or specific violation subtypes, definable by the server owner, as appropiate for their gamemode). Also, if we add universal, generic security checks that aren't mainly to raise an alert but to make a certain cheat effect impossible or violate on it, the code will grow expotentially as well as it will do down the line anyways, as again this is a very early version and there's much more to do here; it's better in a dedicated resource than bloating admin, or having to mind its structure when expanding it.

Really more of a "good to have, why not" thing at this point, and it can become really of value as it gets expanded to cover way more types of things.