Adonis DataStore Key

JoshGlitcher · November 27, 2021, 11:05pm

[this is my first topic on the developer forum]

Hello, today I’ve noticed that Adonis’ DataStore Key can be used as backups and such, and some say that if people are able to obtain it, you can be in huge trouble, how so? I would wish to know if somebody were able to get my DataStore key, what would exactly happen.

I’ve tried looking on the Developer Forum a few minutes ago, yet my attempts were not successful.

settings.DataStoreKey = "???"

Expertcoderz · December 7, 2021, 10:19am

I covered that in my Adonis guide, take a look at the Why is the DataStoreKey Important? section.

JoshGlitcher · December 8, 2021, 4:44am

Hey, I did check your Adonis guide, for example, what would happen if somebody got this? How would they manage to access it? (could they access it using a datastore editor?)

Expertcoderz · December 8, 2021, 9:21am

As an example, they can wipe your saved data using the following serverside code:

game:GetService("DataStoreService"):GetDataStore("Adonis_1"):RemoveAsync("some_key") --// assuming your datastore name is "Adonis_1" and your key is "some_key"

Of course, for someone to actually do anything bad with your datastore key, they have to be able to execute code on the server (for example, an admin in your game using the :script <insert code here to do something to the datastore> command, or through a malicious script or Studio plugin that somehow found its way into your game). Under no circumstances are exploiters able to gain access to the datastore (even with the key), unless you’ve managed to get a backdoor (ie. malicious script/plugin) into your game.

Furthermore, it’s not very straightforward considering that Adonis (I think) encodes data before saving it to the datastore and overall makes things very complex behind the scenes, and as such it is difficult to directly access the data and see/modify it in any useful way (such as to add specific people as admin) [Note: this basically means that generic datastore editing interfaces won’t work meaningfully against Adonis since the data would appear scrambled]. So you don’t really have anything to worry about. Probably nothing would happen if your datastore key becomes public knowledge, and if it does, you can always change it.

icodedstevejobs · December 8, 2021, 9:50am

Adding on to your post, a good way to make a completely random key and saving it somewhere is using the HttpService.

I personally favor doing this in the command bar: print(game:GetService("HttpService"):GenerateGUID(false)) and writing down the result somewhere safe like a password keeper.

This generates a completely random and virtually not guessable key. More documentation on that here. Its a very overlooked HttpService function that has a lot of practical use

Expertcoderz · December 8, 2021, 12:17pm

Yes, although in this case, we don’t need cryptographic security or anything at that level as the Adonis datastore key isn’t considered a globally unique identifier or API secret, being just an additional layer of security against (somewhat unlikely) serverside tampering attempts.

Nevertheless, I’m aware of HttpService:GenerateGUID and will certainly be using it sometime in the future when UUID/GUIDs come in handy. Thanks for the reminder.

icodedstevejobs · December 9, 2021, 3:21am

I always view stuff with data as better safe than sorry