I’ve seen how long this discussion has gone but I just fixed around my code and I tried to change up a few values and I made it Un-Exploitable from what I’ve tested. Everything is on the server
Yes never trust the client, ever
This is what I do, but enjoy making an anti-exploit server-sided.
I knew that before but I wasn’t sure how extensive these exploiters could actually get.
It really depends on the exploiter, I doubt harkinian with his severe damage scripts will join your game. If its some skid I would not worry.
The issue is that while no, they cannot edit a local script per say, they can
- get the contents of that script
- duplicate that code in a new script that they can edit
I wouldn’t make a local script that has access to private information that isn’t the client’s.
Remember that this only happens in that server/game instance and unless you give them access to, cannot replicate to other clients.
Why store private information in ANY script in the first place? LocalScripts cannot do much but send data to the server with a remote for something that only the client can see.
Edit: Unless its a webhook or a cookie I guess.
The main thing I was asking was if an exploiter could change the quantity of the thing you sell in my game in the script but I changed that…
Let’s say you want to use a webhook to send information from the client to discord. The webhook link needs to be on the server to avoid exploiters getting to it.
Yeah lol, just realized that. I thought it depended on whatever kind of private information you were talking about.
Exploiter Could Could Edit An Localscript. That’s Why You Should Secure The Script, Make It Safer. Read This Forum : How To Prevent Exploiters / Cheaters Properly
If only Roblox would send the script instance together with the player… No instance is the same. If you would do :FireServer(script)
. It would never match with any other script no matter how identical they may be, & you can check this on the server. Sadly an exploiter still has as much control over this from the client as you, so it would make no difference. But they wouldn’t if Roblox sent that information forcefully same way with player. Would make huge benefit to always confirm the script is your original script from the server side. OnServerEvent:Connect(function(plr,source)
API keys, webhooks, etc etc. When I said personal info I didn’t mean personally identifying information which is more for web security. In that case, no, you should not put your home address in a server script.
Edit: don’t know why I replied twice.
I was just looking at my replies, sorry