The title did not lie. this will be very hard to put into words, so bear with me.
|
reference so this is a little easer to follow:
ServerDamageControl:
a server sided script that waits for a remote event to be fired.
Essentially, it waits to be called, deals damage, and applies an effect according to the listed damage type.
===========================
I have a module that stores different types of damage as functions, and, when called on the server side from serverdamagecontrol, it deals the according damage and applies the effect of the damage type provided.
recently, i have been worried because it’s not even remotely secure.
because multiple abilities have the same damage type, I can’t just assign a single damage value to each damage type on the server side, it needs to differ from ability to ability.
obviously, sending the amount of damage from the client is a TERRIBLE idea. i don’t know how to secure this.
============================
What would you do?
How would you do it?
And what benefit does your method have? (if any at all)
I can elaborate and provide code samples of anything you need to help me solve this. i know that SOMEONE on devforum has a good way to do this.
For example, our ability will be called “FireAbility”
One way to go about this would be to use attributes set to the player and go from there.
I’d also recommend adding magnitude checks to ensure people can’t choose a random player and apply damage from across the map.
The client should only ever have to call:
RemoteEvent:FireServer("FireAbility", Target)
Then the server should recieve:
RemoteEvent.OnServerEvent:Connect(function(Player, Ability, Target)
-- Abilities would be a ModuleScript or a table the Ability data is being stored on
local AbilityData = Abilties[Ability]
if not AbilityData then
return
end
-- Check if the player has the ability
if not Player:GetAttribute(Ability) then
return
end
-- Magnitude check
local PlayerCharacter = Player.Character
if not PlayerCharacter then
return
end
local TargetCharacter = Target.Character
if not TargetCharacter then
return
end
local MaxDistance = AbilityData.Range -- Max range in studs a player can damage another player
local Distance = (PlayerCharacter.HumanoidRootPart.Position - TargetCharacter.HumanoidRootPart.Position).Magnitude
if Distance > MaxDistance then
return
end
-- Use your Damage Module to apply the damage accordingly
end)
Just make sure you don’t set the attributes on the client or it can still be exploited.
How are you handling abilities being used, are they equipped? If they’re equipped do what potatobomb is recommending because like he said you can perform a sanity check. Just check on the server if the player has that ability equipped and it isnt on cooldown. It doesnt even matter if a player is exploiting as long as you’re checking if
A) They have the ability theyre trying to use
B) They can use it in that moment in time, cooldowns etc.
Also when doing this it’s a good idea to use a remote function so you can return feedback to the client for debugging at the very least, also means if successful you can do whatever you need to do on the client to identify that ability was used. E.g. a cooldown tween in a UI
Then store your abilities and their corresponding status effects on the server instead of parsing damage through e.g.
What do u mean by damage types? Are u referring to burn damage, poison, or frostbite? Or do u mean like abilities, say like fire slash or something. If u mean like abilities, I’d recommend you to store the abilities in a module, including their damage that they output. I’d also recommend handling the cooldowns on the server so someone can’t just spam moves.
Well no, if you track the abilities on the server, that attribute check will make it so they cant just choose any ability they want:
if not Player:GetAttribute(Ability) then
return
end
It doesn’t just have to be checked from attributes though. You can track it on tables on the server or through DataStore (if its saved)
The only way a player would be able to call any ability they want is if the attribute or any important data related to the abilities is done on the client.