Any secure method of receiving Fired remote event location from Serverscripts?

The purpose is to have the server check which local script fired the remote event without using the client as a reference. If the script location is nil , the player gets kicked.

I want to implement additional security measures when using RemoteEvents so that when a remote event is triggered, the server will get the location of the local script that triggered it. If the server returns the instance of the fired location nil, the player will be removed from the game. This prevents exploiters from communicating with the server. I want this process to happen on the server script. I’m unsure if remote-spy inputs the exact location of the script that fired it or tracks remote events in general.

I do not want to use this method below as players can input their own and bypass it.

== bad example==

– client
Remote:FireServer(script,script:GetFullName)

– server
Remote.OnServerEvent:connect(function(player,script,location)
if location ~= nil then
if script.ClassName == “Script” then

– safe
end
end
end)

I would try serverscriptservice, I’m pretty sure that can be seen by the server and not the client.

Are there any functions/properties that can indicate which local script fired a remote event? I do know that the client cannot see Serverscriptservice and I have been using it. I’m looking to secure remote functions from only the Serverside and nothing to do with the client.

The only data you receive from the client on the server from a remote call is the client who made the call (represented as their player object) as well as any arguments passed. You can’t see the script that fired it and it wouldn’t matter either. LuaSourceContainers are basically just code bootstrappers, you can’t access the actual running code.

No secure way of doing this either. The moment you introduce a client dependency via arguments, they can spoof it by sending something that the server will recognise as valid. That trucks your system almost wholly. This does not cover complex key rotation systems: they can still be spoofed but they’re made difficult to do so through a lot of hoops. I’m not familiar with this kind of system and I don’t really want to do it either. For me, it spells headache.

1 Like