I don’t know which topic I should set this as so I chose scripting support. I’m creating a game and I added a script which checks if the code text exists in the replicated storage if it does exist then it will give the players coins however I don’t know if other exploits could see the entire replicated storage and just redeem them all including the secret ones which need to be found from a puzzle
2 Likes
ServerStorage and ServerScriptService are the only places that data is hidden from players.
5 Likes
They can see everything that is client sided (and replicated). Such as Workspace and ReplicatedStorage.
They can’t see source code of scripts, but they can see source code of Localscripts and ModuleScripts as they are client sided.
I would recommend to put codes either in server sided only places such as ServerStorage and ServerScriptService, or put them in table which will be located in script.
4 Likes
Yeah, they can use the for loop to print themselves the “children” of the folder.
30char
2 Likes
Wait to clarify so if I put a script inside a model like the tool box free model car which is in the exploit would the exploiter just view the script as an empty blank?
You mean if you share it to the toolbox? Then people can see it, I am talking about live game, in live game players don’t have access to them, only players that have permissions such as Roblox admins, and developers of the game like the owner.
2 Likes
Sadly thats not the case. They can view anything. even basic scripts like Dex Explorer has access to it now.
Thankfully that’s not the case, ServerStorage and ServerScriptStorage are not accessible by the client. Here is why, It is protected by the server and there is a reason games like jailbreak wont have an infinite cash hack. It would be so easy to do it if they had access to the server because they can set it to math.huge but since server and client dont interact like you think, it is impossible to make a infinite cash exploit unless there was a server breach via remote events and remote functions which i have a system using keycodes and stuff to prevent that type of breach. Additionally, “Scripts” not “LocalScripts” can not be read from the client as these scripts are also protected by the server. There are additional items that can only be read from the server even if the client is exploiting.
So in conclusion, Scripts (not LocalScripts) can not be hacked nor any assets inside ServerStorage or ServerScriptStorage unless there were server breaches.
…Even if they did have access to those services, that doesn’t mean they’d be able to set a value and have it replicate to server. That’s not how it works.
Sadly that’s not true serverstorage or serverscriptservice doesn’t replicate to the client as said here. The client can only see what he/she put in serverstorage. For example if I create a part on the client and put it in serverstorage I can see that. But I cannot see anything made on the server which is put in serverstorage.
How can the client see something from the server not replicated to it by the server?
https://gyazo.com/9cd966e174a9ec008d7c964c796a16e8
https://developer.roblox.com/en-us/api-reference/class/ServerStorage
No offense but I seen you spread this misinformation about server/client architecture in a lot of topics by now.
Okay well, You are CORRECT. However, I was more referring to if they had access to the server like he was assuming. If they had access to ServerStorage than that would ruin my file security COMPLETELY.