Best way to prevent cheaters from using remotes?

what if i create a value with the key in server storage for each player and make a remote function that will either return true or false (true would mean the code is right, false would kick)
would that work fine as well or should i do your method

Just a reminder that this is not a very good method to actually stop exploiters! Exploiters can see what gets sent to their client and what gets sent out - so if at any point you send them a key from the server, they can then use that key to send their own event. This type of defense will stop pretty much just the exploiters who don’t really know what they’re doing (which is not an insignificant amount, but still).

You should always prioritize the worst case scenario when dealing with exploiting (the exploiter knows exactly what they are doing and will spread their methods down to others)


Answering OP - there is no way to prevent exploiters from firing remotes - what you need to do is sanity check like crazy. Never trust the client. If you have like an add money remote, make sure you check if the player is really supposed to get money from the server.
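
A server-side sanity check of the kind the post above describes, as an added example that is not part of the thread. The remote name, quest ids, reward amounts and helper names are hypothetical; the point is that the client only names a quest, and the server decides from its own records whether any money is owed and how much.

```lua
-- Server Script (ServerScriptService). Every name here is hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local claimReward = Instance.new("RemoteEvent")
claimReward.Name = "ClaimQuestReward"
claimReward.Parent = ReplicatedStorage

-- Amounts live on the server only; the client never sends a number.
local QUEST_REWARDS = { tutorial = 50, first_boss = 250 } -- constructed sample data
local MIN_INTERVAL = 1 -- seconds between accepted requests per player

local state = {} -- [player] = server-side record, never replicated

local function getState(player)
	local s = state[player]
	if not s then
		s = { completed = {}, claimed = {}, money = 0, lastRequest = -math.huge }
		state[player] = s
	end
	return s
end

-- Called only by server game logic when a quest is really finished,
-- never from a remote handler.
local function markCompleted(player, questId)
	getState(player).completed[questId] = true
end

Players.PlayerRemoving:Connect(function(player)
	state[player] = nil
end)

claimReward.OnServerEvent:Connect(function(player, questId)
	local s = getState(player)
	local now = os.clock()
	if now - s.lastRequest < MIN_INTERVAL then return end -- throttle spam
	s.lastRequest = now
	if type(questId) ~= "string" then return end -- reject wrong types
	local reward = QUEST_REWARDS[questId]
	if reward == nil then return end -- unknown quest id
	if not s.completed[questId] then return end -- server never saw it finished
	if s.claimed[questId] then return end -- no double payout
	s.claimed[questId] = true
	s.money += reward
end)
```

Firing this remote with arbitrary arguments, or firing it repeatedly, changes nothing unless the server's own record says the quest was completed and not yet paid out.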

the only thing bad about set keys is remote spies :grimacing:

well there is no remote that would allow the player to print the code i think
or gain access to it somehow

No what i mean is there's this tool exploiters use where they can see what parameters they are passing and what remote events exist. They can see everything on the client and as you know remote events need reference from client and server

Oh, you are right. I had no idea it’s deprecated until today, but in this case, nobody is really right in this situation because both os.time() and tick() are timezone dependent.

And by the way, RunService.Heartbeat is being deprecated too.

oh so they can see what's in server storage

Here is some evidence to support what I mean

No no, they can't see stuff in server storage, only stuff like replicated storage or workspace and anything else replicated to the client

I was just giving an example, There are better ways and I do have a good method for keys

Instead of the table yes, i actually used that since I used to suck at tables

Also accessible amongst other server scripts

so they can't get the key… im confused

They can get the key but its fine if you are giving them a new key after

oh yea i can just generate a new key each time i call a remote
that would be fine right

Sometimes you can add a fake remote event labeled “AddMoney” or “GiveGold” and just lead it straight to a ban.


Just make sure to use an actual cipher algorithm like RSA instead of math.random() to avoid any repetition!

haha i like this one. definitely will try it out


You mean they can detect remote events being fired all the time?
such as

for i, v in pairs(game.ReplicatedStorage:GetDescendants()) do
  if v:IsA("RemoteEvent") then
    v.OnClientEvent:Connect(function(...)
      -- etc etc
    end)
  end
end

yea but how do i do the cipher? is there like a ready to use function in roblox already to do that or do i have to do it myself

You give it data (the thing you are sending) and a key (the non repeating random stuff, an example could be the digits in the logarithm of 2) and then you encrypt it with that key and send the key to the client, client decrypts and then after u send it to the client u change the encryption key