I know the title is a bit odd, but here is my question in a bit more detail:
So, as we all know, when sending a RemoteEvent from the client to the server, the first parameter is a player parameter. I am making a selection system for an RTS, and a check I want to make is that when issuing orders to your units, I want to be sure that you are the owner of the unit. I want the player parameter to be checked on a server-sided dictionary; however, this system would break down if they can just simply change the player parameter.
I am assuming an exploiter can do this, but I just want to be 100% certain!
But the thing that worries me is that they have complete control over the client. I’m going to wait for more answers before marking this answer as correct.
The thing is, the player parameter is added on the server. When you fire a RemoteEvent, you send it to the server. Since the server knows which “connection” fired the event, it can convert the “connection” into a Player.
Players can’t. If you don’t believe it, then just take this as an example: don’t you think players would have made exploits which would have done that already? It’s not possible because the server adds the player parameter, and the client has no access to the server side.
The player parameter is probably generated from the websocket connection, so it’s not possible to pretend to be another player unless they know the other player’s IP, can hijack the connection to establish a MITM session and can crack the encryption being used. Overall, almost impossible.
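The ownership check described in the question, as an added example that is not part of the original thread or anyone's posted code. It is a server-side Luau sketch in which the RemoteEvent name `IssueOrder`, the `Units` folder, the `MoveTarget` attribute and the helper functions are all assumed names; only the engine-supplied `player` argument is trusted, and every other argument is validated as client-controlled input.

```lua
-- Server Script (added example; IssueOrder, Units and MoveTarget are assumed names).
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local issueOrder = ReplicatedStorage:WaitForChild("IssueOrder") -- assumed RemoteEvent
local unitsFolder = workspace:WaitForChild("Units")             -- assumed Folder

local MAX_UNITS_PER_ORDER = 100 -- bound the work one request can cause

-- Server-side dictionary: unit Instance -> owner's UserId.
-- Only server code writes to it, so a client cannot alter it.
local ownerOf = {}

local function registerUnit(unit, player)
	ownerOf[unit] = player.UserId
	-- Drop the entry when the unit is destroyed so the table does not leak.
	unit.Destroying:Connect(function()
		ownerOf[unit] = nil
	end)
end

-- Hypothetical order handler: here it only records the destination.
local function moveUnit(unit, target)
	unit:SetAttribute("MoveTarget", target)
end

issueOrder.OnServerEvent:Connect(function(player, units, target)
	-- `player` is filled in by the engine from the sending connection.
	-- `units` and `target` come from the client and must be validated.
	if typeof(units) ~= "table" or typeof(target) ~= "Vector3" then
		return
	end

	for index, unit in ipairs(units) do
		if index > MAX_UNITS_PER_ORDER then
			break
		end
		-- Accept only real unit instances that this player owns.
		if typeof(unit) == "Instance"
			and unit:IsDescendantOf(unitsFolder)
			and ownerOf[unit] == player.UserId then
			moveUnit(unit, target)
		end
	end
end)

-- Remove a leaving player's ownership entries.
Players.PlayerRemoving:Connect(function(player)
	for unit, userId in pairs(ownerOf) do
		if userId == player.UserId then ownerOf[unit] = nil end
	end
end)
```

Server code that spawns a unit calls `registerUnit(unit, player)`; nothing the client sends is ever used to decide who owns a unit.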