Say, I made a RemoteEvent from a ServerScript in the ServerScriptService. If some hacker had DarkDex, will he be able to see the RemoteEvent I made from a ServerScript ?
Yes
1 Like
Well yes and no. If you create the instance on the client yes, nothing special. On the server, as always, no.
NOTE: By on the server I don’t mean making the items through a server script, but them being stored in a place only accessible to the Server (e.g. SS and SSS)
2 Likes
@DataSigh is correct, but I thought I’d explain. Anything on the server, whether it was there from the start or created by a script, is copied over to the client (as long as it isn’t created in something like ServerStorage, which as the name suggests, is server-side only). So, yes, an exploiter could see and fire a RemoteEvent created with a script. The only way to stop them from messing with this is to do a check on the server side to make sure that the event is being fired how it should be, or at least that the player firing it could be firing it for real.
2 Likes
Example of how to check if the event is being fired without hacks?
No, the client cannot access instance(s) created in ServerScriptService or ServerStorage. (unless the client created them)
there is no point in a remoteevent if the client can’t access it, so after it gets created and sent to the client they will 100% be able to see it
It doesn’t get sent to the client if it was created in ServerScriptService or ServerStorage.
wym
So how will he use the remote event then? He’s not creating it for fun
1 Like
It varies on what your event is used for. Let’s say it’s an event that fires a power, you would check (on the server script that handles the event) that the player actually has that power unlocked and can currently use it (off cooldown). Maybe it’s an event that a player has to be at a certain place for it to fire, in the server script (handler) you would confirm they are actually there
1 Like
I can’t think of a way to check if it is being fired without hacks, but you can make sure the client could theoretically be firing it. For example, in a sandbox game I’m working on, I have an event for when a player places a part. I send the event when the player clicks while holding a tool. However, an exploiter could be firing it manually. To get around this, I do all the checks that would be done to confirm a part could be placed that were done in the local script in the server script as well. So, on the server side, I have if-statements for whether or not the position the part is being told to be placed at is within the 25 stud range minimum of the player, and another for whether or not the player has enough wood in their inventory to place this part.
tl;dr: use if-statements on the server-side script to confirm that the event being fired could be being fired for real by the local script.
2 Likes
Can RemoteFunctions be spied on?
You cant use the RemoteEvent on the client then. (If its in ServerStorage or ServerScriptService)
Exploiters can theoretically see anything that involves communication with the client, so they can see the arguments and return value of the remote function. They can also modify what it will call if the server fires it.
ok…so then there’s no point in creating one
Yes they can they are just as vulnerable as remote events but actually can be even worse if it’s a server InvokeClient because they can manipulate what it returns
1 Like
They’re saying that they’re only useful if made in ReplicatedStorage, which obviously, the client can see.
It seems to be what you’re both saying, in fact. You just seem to be misunderstanding each other.
3 Likes
i know this topic is already been solved but i’ll give an explaining, who knows my explaining is more useful
when a serverscript in ANY location inside game creates an instance, it will be visible to every client/player in the server. except if the serverscript inserted the instance to ServerScriptService or ServerStorage, no, nobody other than the server itself can see it because the two services cannot be seen by client-side. when a localscript creates an instance, it will ONLY be visible to the localscript’s client and not visible to the server and other players.
addition: the client-side can see ServerScriptService and ServerStorage, but they are always empty
3 Likes
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.