Attempting to wrap my head around how Roblox handles individual things while keeping track of which direction what events are called to what scripts into which modules for what remoteevent to keep the exploitable commands, properties, and variables out of the scum of roblox’s hands without sacrificing too much performance. … It’s killing me lol.
One thread is CERTAIN you can’t exploit a “Script” placed in a tool unless it’s Local Script, and another the guy wants help stopping exploiters who are manipulating data in a script on a Tool kept in StarterPack. One thread will say Tools are safe in Replicated Storage and another that only Server Storage then cloned to the player with scripts only in ServerScriptService taking remoteevents from a localscript. Then someone says that having Tools & Tool scripts in the Server spots only is too laggy.
Another thread says anything in Replicated Storage can be easily “stolen” by people looking to leak or copy your game and nothing should be there except Sounds & FX and that even Hitboxes in replicated can be hacked, but thread B says “it’s all server sided the client would need to genuinely hack the server to change them there”.
So what I have learned is: Most people here have no freaking clue exactly what is obtainable/exploitable from what storage area and I as a newcomer to roblox have no solid authority to look to for this information. Also that no matter how hard you try, thanks to the performance limits of roblox servers, you will inevitably have something exploitable so pick your battles.
.
.
.
Where you all come in!
To reiterate in case you skipped to the good part I am fairly Robloxgreen and I have no idea what areas will hit the performance too hard to be worth the effort to hide.
I need a visual table or something of where all of you consider the “best spot” for individual items with considerations for Limiting-Exploits & Preventing “Theft” of important code while attempting to maintain at least Acceptable Performance and WHY it’s the best spot so I can better understand the process.
i.e. DataStore & Loot Tables, Monster Handlers, Pathfinding, FX&Sound to be replicated to all clients. I have seen a few layouts where the primary DataStore is in ServerScriptService but then all the Item data such as Damage/Speed is kept in Replicated - if Replicated really is riskier then why not hide it all in ServerScript?
How do you handle your Tools, Damage, & Hitboxes, this is a big one I see people disagree on where to store them, how to call them, where to put the scripts that control them.
Gampasses / NPC Shop Data?
What items do you specify for network ownership? I see death state is one of the major exploit issues along with hitboxes.
What data do you hide in ServerScriptService/ServerStorage just to keep it out of prying eyes?
.
.
.
If I read and kept track of everything I think I understood from all the other threads I read over most games are setup something like:
DataStore = ServerScriptService with a “support” module in replicated to prevent some exploits? [that thread didn’t have a good example of what that module is or handles, curious on this one.]
Virtually everything else they keep in Replicated from FX to Sounds to Hitboxes & Damage Calc & Debris handler.
Most of them seem to keep a “Script” under each tool and some FX Local Scripts which include changes in MoveSpeed / Jump Power / sometimes even calculations for extras like Strength / Stamina etc in custom stat systems which shifts during an animation. Isn’t all of that exploitable? Isnt there a way to set a ModuleScript in the ServerScriptStorage to handle any Clone() to the player for a specific tool without it being too unresponsive? How/Where else do you recommend?
.
.
.
If I could get replies in a visual format something like
Tool=StarterPack > ToolScript=OnTool > RemoteEvent=OnTool > FX+HitBox&Damage=LocalScriptOnTool [because you love hackers and hate hitbox lag].
It would help when I start laying pieces together and reference here later.
Appreciate it!