I’ve been making basically everything local for the longest time, and with the new local variable limit I’m wondering if there’s any Roblox-specific security problems with using Global variables.
I’m not sure if this is true, but I think I was told in the past that global variables can be changed by exploiters… so that’s why I’m asking this–to clarify and find out what the differences are aside from how they can be used in a script (which I’m already aware of).
Googling this didn’t really help much as it referred to most basic Lua implementations of global and local variables.
So are things more difficult to exploit when using local variables, or are there similar things to this I should know about? Thanks in advance for the assistance.
Both globals and locals can be changed by exploiters. There is no security difference. However, you usually only end up using local variables for both convenience and proper code.
Locals only live for as long as their scope does, while globals for as long as their script does.
As long as the core variables are reading from the server only you will be fine like leaderstats the client can change them all try want it wont do anything to give them a advantage aslong as you are doing to value checks in the server anytime the client fires to the server to lets say buy something.
I’d argue that in terms of exploiting, it would be more difficult to exploit code embedded with lots of local variables since reading and writing to them only is possible while their activation record exists i.e. their data remains read/writable within their nested scope. Because globals are top-level data, they exist across scripts and are at the highest scope. I would not put important data in a global—only like constant values or things you absolutely must share.
However, this isn’t about security as much as code design, readability, and being able to alter data more easily. There’s not a real security difference.