I hold all player data in server storage and request it using remote functions. Is that safe? if not , why?
are you talking about a client requesting the server for someone else’s data?
Its probably possible for an exploiter to send a request as if they were another player, but I don’t think its something any random script kiddy could do.
Yes, the exploiters can edit everything that is on their client and is replicated on it. But if the client makes changes, they will only be visible to him. The security problem will depend on what you will use the data returned by the remote function for.
“Its probably possible for an exploiter to send a request as if they were another player”
I don’t believe what you said here is right unless you have the other person IP (or however Roblox identify you) since you don’t send yourself as an argument in remote roblox automatically do it
Yes. Exploiters are able to edit any data being returned by server to client.