So I have a remote event which opens a door the door if any of the players in the press a button in the playergui it opens a door however you need to answer questions and riddles to open it. But im quite concerned about security from what i’ve seen in games exploiters use local scripts so could an exploiter send :FireServer() to the remote event? If so it’ll make the game extremely easy and unfair
Yes, exploiters can :FireServer() on remotes. What you will need to do is check on the server if the player has solved the riddle before letting them open the door when the event is fired.
There is no way to keep remote events securable, the only way is.
- Add cooldown.
- Add debounce.
- Verifier.
- Etc.
Exploiter can fire server event. (Remote Event)
I generally don’t use remote events because of this problem alone, this is why I use module scripts
Exploiters can access module scripts in replicated storage.
They can access the data, and functions in the modules yes, but if it isn’t ran on the server then it’ll only effect that player.
Module scripts that communicate between the server and client and are sensitive are not a good alternative to remote events. Exploiters can only fire remote events but with module scripts that can see all the code and change it (if it is in replicated).