Common Security Risks

Understand and prevent common security vulnerabilities.

Event Injection

Risk

Clients can trigger server events with malicious data.

Prevention

    RegisterNetEvent('myresource:purchase')
    AddEventHandler('myresource:purchase', function(itemId)
        local source = source

        -- Validate input
        if type(itemId) ~= 'number' then return end
        if itemId < 1 or itemId > 1000 then return end

        -- Process purchase
    end)

Eval Injection

Risk

Using load() or eval() with user input.

Prevention

Never use eval with user input:

    -- BAD
    load(userInput)()

    -- GOOD
    -- Use whitelisted functions only
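
One way to replace load() on client-supplied strings with a whitelist, shown as an added example that is not part of the original page. The names ALLOWED_ACTIONS, dispatch, isIntInRange and the sample actions are hypothetical, and the block assumes Lua 5.3 or later so it runs stand-alone; in a resource, dispatch would be called from inside a server event handler.

```lua
-- Added example: whitelisted dispatch instead of load(userInput)().
-- ALLOWED_ACTIONS, dispatch and the sample actions are hypothetical names.

-- True only for integers in [min, max]; rejects strings, floats and NaN.
local function isIntInRange(v, min, max)
    return math.type(v) == 'integer' and v >= min and v <= max
end

-- The only operations a client may request. Each handler validates its own
-- arguments before doing any work.
local ALLOWED_ACTIONS = {
    heal = function(playerId, amount)
        if not isIntInRange(amount, 1, 100) then return false, 'bad amount' end
        return true, ('player %d healed by %d'):format(playerId, amount)
    end,
    setWeather = function(playerId, weather)
        local valid = { CLEAR = true, RAIN = true, FOGGY = true }
        if type(weather) ~= 'string' or not valid[weather] then
            return false, 'bad weather'
        end
        return true, ('weather set to %s'):format(weather)
    end,
}

-- The client-supplied action name is only ever used as a table key.
-- It is never compiled or executed as code.
local function dispatch(playerId, action, ...)
    if type(action) ~= 'string' then return false, 'bad action type' end
    -- rawget ignores metatables, so only keys defined above can match.
    local handler = rawget(ALLOWED_ACTIONS, action)
    if type(handler) ~= 'function' then return false, 'unknown action' end
    return handler(playerId, ...)
end

-- Constructed sample requests: { action, argument }.
local samples = {
    { 'heal', 25 },            -- accepted
    { 'heal', 1e9 },           -- rejected: float and out of range
    { 'setWeather', 'RAIN' },  -- accepted
    { "os.execute('id')" },    -- rejected: treated as an unknown key
    { '__index' },             -- rejected: not a whitelisted action
}
for _, req in ipairs(samples) do
    local ok, msg = dispatch(1, table.unpack(req))
    print(req[1], ok, msg)
end
```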

SQL Injection

Risk

SQL queries built by concatenating unsanitized user input.

Prevention

Use prepared statements:

    -- BAD
    MySQL.query('SELECT * FROM users WHERE id = ' .. userId)

    -- GOOD
    MySQL.query('SELECT * FROM users WHERE id = ?', {userId})

Best Practices

  • Validate all input
  • Use prepared statements
  • Sanitize user data
  • Limit permissions
  • Regular security audits