Comments (4)
Hmm, thanks for bringing it up. Unfortunate that some people felt enough concern to say it in discord but not post here. I don't use the CFX discord so I appreciate you mentioning it here.
To give a bit of background on why this was added: The server I work on (that a lot of PZ feature requests come from) wanted a way to trigger an event for people inside a particular zone. PZ was not able to be implemented server-side at the time and so a forwarding mechanism was required. Frankly, this was added over a year ago and I have never seen this exploited (and as you're probably aware, many very large servers use it). But I agree it could be exploited and agree we should avoid that.
I wouldn't want to remove it, because it's been useful for us on the server I work with (and I'm sure for others). I think the best way forward is probably just server-side validation. I have recently wanted to implement PZ server-side (shouldn't be too many changes) and so that might be the best option, though I would need to think about the best way to efficiently keep track of all the players.
On one hand, just keeping a list of what players are in what zones through a check of all players every second or so would work, and would make triggering zone events very cheap, but feels heavy running all the time when it might not be used often. Alternatively, it could just check and confirm what players are in the zone when a zone event was triggered, and that would avoid the cost most of the time, but would make triggering zone events a lot more expensive. I lean towards the latter, since zone events are not triggered often (at least on our server), but I'd like to hear your thoughts @Ekinoxx0 .
from polyzone.
@Ekinoxx0 Any thoughts on the above response?
from polyzone.
I think the better way to do it is just to give the choice to developers :)
You could leave this server-side event system here for compatibility and allow it to be activated/desactived (I would suggest disabled by default until used)
I my head, it would be better to generalize the current PolyZone code so it could be run server side AND client side, then do checks wherever you need, then allow zone one by one to be "client-side driven" by events with a lot of checks (ratelimiter, whitelisted zones names, maximum table size in character count).
But this could be hard to implement properly without affecting too much on performance.
All of this would probably need to be actually implemented to really see the result on different sized servers.
from polyzone.
Hi 👋, the complete implementation of PolyZone from server-side would be a great idea but need some work, for now i suggest that you delete the part that register the event as networked so we are still able to call it from server-side in future releases, this is not a tiny exploit as this allow even the sending of any arguments the client want to any clients.
from polyzone.
Related Issues (20)
- ClearAreaOfPeds with PolyZone HOT 1
- Polyzones linking together HOT 1
- Combo onPlayerInOut method not getting triggered HOT 8
- Not an Issue, Vehicle delete outside of Zone
- [QUESTION] Is there any way to edit inside the zone? HOT 1
- scroll down not working when working on zone
- [Potential Bug?] HOT 2
- Warning: Passed points table with less than 3 points to PolyZone:Create () {name=test}
- [HELP] Bug or misunderstanding HOT 1
- Need help on code. HOT 2
- Add support for Javascript or add exports HOT 4
- Problem in isPointInside when use circlezone HOT 1
- pzdebug command HOT 5
- Regarding Issue #90 HOT 2
- pzcreate box HOT 4
- Attempt to index a nil value HOT 1
- attempt to index a nil value
- polyzoones HOT 1
- C#
- REDM BlockWeaponThisFrame - nil value HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from polyzone.