I was looking in the comments of a youtube video on a stamina system, a group of people were discussing whether or not to use a client sided stamina system, and I noticed this interesting comment:
https://gyazo.com/533e1bda39d3fcb244ec9539f3905bd5
I was wondering, is this true? Because I was considering changing my stamina script to be entirely local and handle all of the values in the script itself(rather than sending remote events and using attributes/numberValues).
Yes, anything on the client can be modified.
I am sure scripts can be edited by the client in their entirety too, hence exploiters sharing local script source code, but do not quote me by that cause I may be speculating.
Yeah I know you can decompile local scripts and module scripts, but I had no idea you could directly edit them while in game.
Exploiters can change and access everything the user client can, which means they can also call the server and send him information. This is why many people like to answer with “Never trust the client”. Because the information the server receives may be wrong, so always check it on the server side.