Hey there, I have a modulescript that’s parented to a server script in workspace just like this:
It contains an API key and I would like to know whether or not an exploiter could come along and steal it with it setup like this.
Any modules that are replicated to the client can be decompiled
1 Like
No, the workspace descendants will be replicated to the Clients, thus allowing for it to be abused by Exploiters.
Your safest bet is to place on in a place that will only replicate to the Server, which is ServerScriptService and ServerStorage, these containers will only replicate on the Server, and not the Client, thus unexploitable unless you give the Client access without doing sanity checks.
Keep in mind that not everything should be server sided, so I wouldnt do this for everything, and only for very important things, like API Requests, and DataStores, as you wouldnt want people to attack these.
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.