So lets say a server script calls :FireClient(player, WhateverValue)
I know an exploiter can read this value, however can an exploiter also alter this value?
Also exploiters can not call FireClient themselves, Right?
Because currently all they have to do is fire the remote event with fireclient to bypass my system
FireClient() can only be called from a (server) script. Clients cannot use this method, neither for signaling other players nor for firing to themselves. All communication between players has to go by the server.
Once the server sends something to the client, the data and how it is handled flows out of the server’s control.
remoteEvent.OnClientEvent:Connect(function(WhateverValue)
-- Upon receiving, it is up to the client how the data is handled.
end)
In that sense, yes, they can. Client have a lot of power over their computers. Server simply sends the information, but it cannot directly control what the client does with it once it is received.
However, if you write your code so that the server always remains the ultimate authority and doesn’t directly trust the clients, you will be fine