lets say you have this code:
local module = {}
function module.getSecretNumber()
return 1
end
return module
if this isnt in anywhere the hacker can go into (not anywhere locally) can the hacker somehow do something like local module = require(module) print(module.getSecretNumber)?
Exploits can only access things that are viewable to the client. If the ModuleScript is on the server, an exploiter can’t touch it. They can only gain access to it if you have a vulnerability in a RemoteEvent or something similar
what if the module script was in replicated storage? would the hacker then be able to just print(module.getSecretNumber)?
Yes, items in ReplicatedStorage are visible to the client. The only places exploits can’t access is ServerScriptService and ServerStorage
so wouldnt many module scripts be easy for exploiters to exploit? like if there’s something like this
module.winGame()
rm:FireServer("win") -- i dont actually use this, just an example
end
or if you had a ragdoll script. would they be able to just automatically ragdoll themselves?
Yes, if the client can see it, exploiters can access and manipulate it as much as they want. ModuleScripts are important for developers, but aren’t really secure. Very important Modules are typically stored on the server so exploiters can’t gain access to them.
However, if I recall, a staff member said they were looking for a way to make ModuleScripts more secure, but that was months ago
Alright thanks! ill probably just use remote events instead of putting module scripts in replicated storage (so everything can basically be done on the server)