fivem-security

🛡️ FiveM Security & Anti-Exploit Principles


This skill provides architectural guidance for securing FiveM resources against common cheats, unauthorized event triggers, and malicious data manipulation.
Core Philosophy: NEVER TRUST THE CLIENT.
The client is in the hands of the user, which means it can be fully compromised. Every action that affects the game state, economy, or other players MUST be validated on the server.

📂 Core Concepts & Rules


Detailed rules are broken down into specific topics within the rules/ directory:
  • events.md: How to properly structure and validate RegisterNetEvent / TriggerServerEvent to prevent unauthorized execution.

⚠️ The Golden Rules of FiveM Security


  1. Server Authority: The server dictates the truth. The client only requests actions.
  2. Never Trust Parameters: Always validate arguments sent from the client (e.g., if a client says "give me $50", the server must check if the client earned it, not just blindly accept the amount).
  3. Distance Checks: Always check the distance on the server side before allowing an interaction (e.g., looting, selling, entering a zone).
  4. Rate Limiting: Prevent event spamming by implementing server-side cooldowns or debouncing for critical actions.
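The four rules applied together in one server-side handler, as an added example that is not part of the original skill or its rules/ files. The event name example:sellItem, the SHOPS table and the in-memory inventory, cash and lastSale stores are hypothetical stand-ins for your framework's storage. It assumes OneSync is enabled so that GetPlayerPed and GetEntityCoords return server-side state.

```lua
-- server.lua: added example; event name, SHOPS and the stores below are hypothetical
local SHOPS = {
    fish_market = { coords = vector3(-1038.0, -1397.0, 5.5), item = 'fish', price = 12 }, -- constructed sample data
}
local MAX_DISTANCE = 3.0   -- metres the player may stand from the shop
local COOLDOWN_MS  = 2000  -- minimum gap between processed sale requests
local MAX_QTY      = 50    -- largest quantity accepted in one request
local inventory, cash, lastSale = {}, {}, {}  -- stand-ins for framework storage

RegisterNetEvent('example:sellItem', function(shopId, qty)
    local src = source  -- capture at once; the global can change after a yield
    local now = GetGameTimer()

    -- Rule 4: rate limit first, so rejected requests are throttled too
    if lastSale[src] and now - lastSale[src] < COOLDOWN_MS then return end
    lastSale[src] = now

    -- Rule 2: check type and range of every argument the client sent
    local shop = type(shopId) == 'string' and SHOPS[shopId]
    if not shop then return end
    if type(qty) ~= 'number' or qty ~= math.floor(qty) then return end  -- also rejects NaN
    if qty < 1 or qty > MAX_QTY then return end

    -- Rule 3: distance from server-side coordinates, never client-reported ones
    local ped = GetPlayerPed(src)
    if ped == 0 then return end
    if #(GetEntityCoords(ped) - shop.coords) > MAX_DISTANCE then return end

    -- Rule 1: the server decides what is owned and what it is worth;
    -- the client never sends a price or a payout amount
    local bag = inventory[src] or {}
    local owned = bag[shop.item] or 0
    if owned < qty then return end
    bag[shop.item] = owned - qty
    inventory[src] = bag
    cash[src] = (cash[src] or 0) + qty * shop.price
end)

-- Free per-player state so the tables do not grow without bound
AddEventHandler('playerDropped', function()
    local src = source
    inventory[src], cash[src], lastSale[src] = nil, nil, nil
end)
```

Each rejected branch is also a useful place to log the player's identifiers and the offending arguments, since legitimate clients should never reach them.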