Basicly I have a global function that is there to create explosions. I have it because I often use that explosion and it just makes it easier.
Basicly I am calling a position for the explosion and a explosion model.
Is it possible that the exploiter can access that somehow and create explosions everywhere? How secure is it and how could I make it more secure?
Exploiters can access anything on the client no matter what. You should always (always) assume that anything a user does is malicous until proven otherwise.
Rule 1 of network security: Never trust the client
Rule 2 of network security: NEVER trust the client
Further reading:
Or don’t use _G in the first place. Use of _G is bad practice. It’s exactly why you don’t use global variables - name collisions. Consider bindables/module scripts.
They can only access it if its on the client, if it is on the server then they cannot access it.
You didn’t read my post. At all.
EDIT: The OP doesn’t specify that their function is on the client or the server.
If it’s on the server you’re fine @Paintertable (but you should use a module script instead of _G)
If it’s on the client then an exploiter can access it.
Do note that if you have something like a MakeExplosion remote event, exploiters could abuse that.
Jeah it’s on the server, mad bad guys. Okey good to know :))
There is a _G for the client, and a _G for the server. The server can read server _G code written in server scripts, and the client can read _G code written in client scripts Basically, an exploiter would not be able to access your function unless you put the function on the client. If it is on the server, then there is no way they’ll be able to access it.
Even if an exploiter could access your function, why would that matter? They can create explosions manually without the use of your function in _G. That being said; _G is different per machine and per client, so you’re fine. Why use _G when you can use ModuleScripts though? Fits code structure better.
That’s true and thats what I normaly do tbh.
I just though this fittet more in my code structure but I am happy to change that.
Thanks :))