Can exploiters edit table that inside script?


So as title says can they edit it? What i mean is i have a local script and inside it i have table with every single data, can they edit it and for example give themselves alot of currency or something?

If the currency is handled on the server like it should be then exploiters won’t even be able to touch it at all.



I don’t want to have like number values inside player and store data like that. Instead i get data on server then when player requested data or on server data updated i send new data from server to client.

Thats why i want to know if they can edit tables inside script

afaik if it’s a ModuleScript, then it is possible by requiring the ModuleScript and then changing the values.

Not sure about LocalScript.

Code example:

local weapon = game:GetService("ReplicatedFirst")["GunSettings"]:FindFirstChild("ModuleScript")
local weaponstats = require(weapon)
weaponstats.BaseDamage = math.huge
weaponstats.Ammo = math.huge
weaponstats.ReloadTime = 0.0001
1 Like

I have like 1 local script and this script requiring modules like module for guis. When data is updated server send it to client, this local script have table with data from server and then requesting to do update gui function for gui module and this function need new data value like this:


So i store table with data only in 1 script and not in module scripts. I tryed searching before if they can access, but didn’t found anything.

Everything below is from what I remember.
When you require a module, it is independent from the other requires of itself, so data will not change between them. A localscript’s tables and variables can be edited by an exploiter if they know the memory locations of the table/variable but a normal script does not have that problem since it is not replicated to the client and therefore not stored in memory.

1 Like

As far as I know, any data or local scripts on the client are accessible by exploiters, so it’s always a good idea to verify data on the server if it’s coming from the client.

That being said, I’d recommend storing a copy of the table on the server and on the client so you can check if the client has modified anything. (This is only necessary if you also send client data to the server).

Now if you’re only worried about the client changing values in the table on their end, I’d assume that hypothetically they could if they wanted to. But again if it’s just being used for display purposes, then it’s only going to affect them, and won’t cause problems on the server or for any other players. (So I wouldn’t worry too much about it)

Note: I believe scripts in ReplicatedStorage are also fair game for exploiter access, so this would include module scripts stored there.

1 Like