“code on the server can still be stolen sadly”
Can you clarify on this? I’m not aware of any methods that allows a user to read or write server code.
2 Likes
I’m talking about their method where they are sending the Roblox LUA to the game server, and running it. You can easaly spoof as a roblox game, i.e I did it for marketplaces API.
1 Like
In the end I just obfuscated the code and made it very clear that I did so.
Remember, obfuscation can be undone in minutes. Hope it works out for you, also please respond to my message 
Afaik no one would like to unobfuscate a simple 100 line script obfuscated with synapse xen and alrighty.
code is easy to unobsufcate, and all it does is make it harder to read. it can be made easier to read with just a little bit of context and time.
1 Like
@sloss2003
Not sure where you came of the belief that server-side code can be stolen, because it cannot. Outside of people who directly have access to your Team-Create your server-side code is completely safe.
@congrajhulashions
Once again as I said above - what you’re doing is totally unnecessary? Your server-side code is completely safe from the client. There is no way to access it so why in the world would you loadstring it? In-fact if anything you’re actually making your game less secure to backdoors because you’re allowing for the possibility of loadstrings directly from the client.
TLDR;
- You do not need to ‘hide’ or ‘protect’ your server-side code from prying eyes. They have no access to your server scripts outside of remote-events which do not return anything unless you tell them to.
- Using HTTP-Service to load all of your scripts is really bad practice - and doesn’t offer you more security. It offers you less, as backdoors commonly target the loadstring property.
1 Like
I never said that? I am saying that web apis that send code to the server can be stolen. There is no surefire way to authenticate a game is a game.
“two code on your server can still be stolen sadly”
Seems like you may have just awkwardly worded your point, my bad for jumping to a conclusion. But yeah, no one should be under the assumption that server-side code is insecure to people who don’t already have a back-door in your game due to developer negligence.
So the HTTP method is just incorrect period cause it trys to solve a non-problem.
2 Likes
Yeah, my fault. Sorry! I was stressed out, just released myCenter v4!
The only reason why I do this is for when I know the source code may be stolen from people in my team create session (has happened to me before), which allows me to delete the code remotely. Of course they could print the Http request and steal the code, but at the same time I can prevent this by changing the authentication header.
If you use my service, RBXMod.com, you can give access to your game while your source code would remain on the RBXMod server. It runs remotely, so loadstring is never used and your source code is never transferred to Roblox. Hence, the permissions to run a script is not the same as the permissions to view/edit a script. To avoid the security issues with private modules your code will have to be reviewed before you are able to grant other people permissions or run more than one copy.
RBXMod is free at the moment, however when server loads become heavier I’ll implement prepaid resource tokens so that developers can pay for the resources they need. I expect the rates to match the cost of the servers. Code reviews are also free but will cost a bit scaling with the size of the code base, the desired capabilities, and if I’m familiar with the code.
1 Like
Currently I’m stuck on this page:
The website needs some love but the functionality is good. You can either back out to the previous page or register. When registering, be sure to click the register button again, not the login button. You can contact me directly if you still have issues, I don’t want to derail this thread. My discord is IdiomicLanguage#1337
1 Like