Make loading embedded lua scripts optional

[nweb]

Is your feature request related to a problem? Please describe.

Embedded lua scripts are loaded for each resource before your scripts, allowing lua injectors to call their addDebugHook first and control subsequent code behavior without modifying your scripts or introducing new ones.

Describe the solution you'd like

Add a parameter to the server config to allow not loading these in-line scripts on both the client and server sides.

Describe alternatives you've considered

No response

Additional context

Also please note that the only function used in server releases in these scripts is a layer above the call (exports.lua), but this is a pointless technique in my opinion, and the server owner has the right not to load the memory with useless layers.

Security Policy

• I have read and understood the Security Policy and this issue is not about a cheat or security vulnerability.

[CrosRoad95]

Add a parameter to the server config to allow not loading these in-line scripts on both the client and server sides.

It can not be done because it forces you to update an entire server. Maybe it will work for small, new server but not for servers that are actual targets for cheaters.

[nweb]

Add a parameter to the server config to allow not loading these in-line scripts on both the client and server sides.

It can not be done because it forces you to update an entire server. Maybe it will work for small, new server but not for servers that are actual targets for cheaters.

If the server owner is interested in fighting cheaters, it is not a problem to modify the method of calling exported procedures.
I don't understand the need for these built-in scripts, it would have been possible to do without them, or to build them into the source code, or at least to store them in compiled form.

[CArg22]

If the server owner is interested in fighting cheaters,

it is dutchmans101 duty

[TracerDS]

If the server owner is interested in fighting cheaters,

it is dutchmans101 duty

No. No its not.

[CArg22]

If the server owner is interested in fighting cheaters,

it is dutchmans101 duty

No. No its not.

I have seen that cheaters are using directly c++ functions. How are you going to detect if given trigger was triggered by cheater?

[TracerDS]

I have seen that cheaters are using directly c++ functions. How are you going to detect if given trigger was triggered by cheater?

They can use assembly, doesnt matter. After all, MTA Client as a whole is fully accessible to the cheater.
You can only detect so much. Still, up to this point we have an amazing AC that catches most predators (😏) despite the AC being not really a kernel level AC as we know it (unless something changed).

[CArg22]

It is not good enough. Dropped doing my server because of cheaters with slurs instead of serial were crashing my server over and over

[TracerDS]

It is not good enough. Dropped doing my server because of cheaters with slurs instead of serial were crashing my server over and over

Make your own account system and you dont have to worry about serials no more

[Nico8340]

They can use assembly, doesnt matter. After all, MTA Client as a whole is fully accessible to the cheater. You can only detect so much. Still, up to this point we have an amazing AC that catches most predators (😏) despite the AC being not really a kernel level AC as we know it (unless something changed).

MTA also has a kernel level anti-cheat (FairplayKD)

[TracerDS]

Welp, nvm it then.

[Nico8340]

My personal opinion, as someone with more insight into this situation, is that this feature would be almost useless, the only thing we would achieve with it is that panicked server owners would disable these embedded scripts that are often used (iprint, exports) and break their compatibility, which can cause problems for incompetent or novice developers, while this change would not increase security in any way, because cheats simply do not work that way, but hook functions that they can modify and use at their own will, and this is difficult to control directly from the code, and in fact, it cannot be completely prevented.