Jump to content

Securing triggers


ds1-e

Recommended Posts

  • Scripting Moderators

Hey. I have a few questions about triggers.

1. Wiki says: 

Quote

Note: To save server CPU, you should avoid setting theElement to the root element where possible. Using resourceRoot is usually sufficient if the event is handled by the same resource on the server.

Everything what my gamemode needs, it's in same resource, so there's no need to use root as theElement?

 

2. Quote from wiki: 

Quote

Returns true if the event trigger has been sent, false if invalid arguments were specified or a client side element was a parameter.

There's need to check if trigger was sent? And if so how, to check that? Declare it to variable?

3. And here's question about securing data when using triggers - https://wiki.multitheftauto.com/wiki/Script_security

This is how it should looks?

-- clientside

triggerServerEvent("updateTable", resourceRoot, getLocalPlayer())

-- server-side

local client = client -- nothing wrong in declaring client as local? following performance tips :D
function updateTable(player)
	if client then -- if incoming data is from client
		if source ~= resourceRoot then -- source it's theElement argument called from client?
			return false
		end
		if player ~= client then -- if source it's resourceRoot then i need to pass player as argument? for additional compare it with client variable?
			return false
		end
	end -- end of security check
end
addEvent("updateTable", true)
addEventHandler("updateTable", resourceRoot, updateTable)

Also, please take a look at comments in code, if you can, explain me everything :P

4. Nothing wrong if i would name event same as the event handler function? Kinda weird, maybe stupid question, but i want to be sure xD

Link to comment
  • Moderators
4 hours ago, majqq said:

Everything what my gamemode needs, it's in same resource, so there's no need to use root as theElement?

Yes.

 

4 hours ago, majqq said:

nothing wrong in declaring client as local? following performance tips :D

To be honest I do not understand why you would re-local a local variable.

Neither I do agree doing that with MTA functions specific. I tested those a while ago and they were just as fast as local functions. >> For some unknown reason.

(With the exception of methods: table.remove)

 

4 hours ago, majqq said:

There's need to check if trigger was sent? And if so how, to check that? Declare it to variable?

It will always be send in order unless the connection timed out.

 

Need a status?

Latent events.

https://wiki.multitheftauto.com/wiki/GetLatentEventStatus

Or send another trigger event back.

 

 

4 hours ago, majqq said:

-- source it's theElement argument called from client?

Yes. The handler will not accept anything else, except for itself or it's children:

4 hours ago, majqq said:

addEventHandler("updateTable", resourceRoot, updateTable)

addEventHandler("updateTable", resourceRoot, updateTable, false)

But I like to cut off those brats (children) as well and only accept the angry parent (resourceRoot). getPropagated = false

 

 

4 hours ago, majqq said:

4. Nothing wrong if i would name event same as the event handler function? Kinda weird, maybe stupid question, but i want to be sure xD

Doing the same thing, else I run out of variable names...

Never had any issues with it, so I am not going to change that habit.

 

 

 

 

 

 

Edited by IIYAMA
  • Like 1
Link to comment
  • Scripting Moderators
7 hours ago, IIYAMA said:

Yes.

 

To be honest I do not understand why you would re-local a local variable.

Neither I do agree doing that with MTA functions specific. I tested those a while ago and they were just as fast as local functions. >> For some unknown reason.

(With the exception of methods: table.remove)

 

It will always be send in order unless the connection timed out.

 

Need a status?

Latent events.

https://wiki.multitheftauto.com/wiki/GetLatentEventStatus

Or send another trigger event back.

 

 

Yes. The handler will not accept anything else, except for itself or it's children:


addEventHandler("updateTable", resourceRoot, updateTable, false)

But I like to cut off those brats (children) as well and only accept the angry parent (resourceRoot). getPropagated = false

 

 

Doing the same thing, else I run out of variable names...

Never had any issues with it, so I am not going to change that habit.

 

 

 

 

 

 

Thanks :D

  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...