I am asking because i discovered that local scripts can read the value.
appreciate
I am asking because i discovered that local scripts can read the value.
appreciate
If the value is read from LocalScript of exploiter’s client, then it will read exploited value. But if Script or LocalScript are ran on other clients and server, the value will not be affected by exploiter, thus it will read clean value.
sorry i am a little confused… kindly allow me to make an example?
I am using game.Players.BaconBoy.Cash to store cash value.
I use local script to read LocalPlayer to show how much he have.
When BaconBoy wants to buy something, the local script triggers a remote server event to purchase and a script will process and change the value of game.Players.BaconBoy.Cash.
Can BaconBoy change the value at his end making him rich?
thank you!
If BaconBoy.Cash
value itself is read from LocalScript of exploiter, it will read value which is changed by exploiter.
So if you send BaconBoy.Cash.Value
to server using RemoteEvent
, then it will read value which is changed by exploiter.
But, if you only trigger RemoteEvent without sending BaconBoy.Cash.Value
, and check, verify the value from server, then it will read clean value (non-exploited value).
Ah ok … let me confirm my understanding. I think i am safe.
When BaconBoy local script triggers the Remote Event. Only the choice of item is sent.
The script upon receiving the event, will check the item sent over and pull out an internal record of the value. It will then personally go into game.Players.BaconBoy.Cash to READ / WRITE.
So hence BaconBoy cant do any nasty thing right?
thanks so much William!
If my understanding of your understanding is right, then there will be no issue!
You should always read and write value from Server-Side, never on Client, and that’s all you need to do. Have a nice scripting.
The value on the client only stays to them unless fired by a remote:
-- This will not replicate, due to the exploit being client-sided - but our client will see the change **only itself**
game.Players.TheDemoDeveloper.moneh.Value = math.huge
What if - the client fired this event using a exploit
-- Uh oh, the client has found the remote!
game.ReplicatedStorage.ChangeMoney:FireServer(math.huge)
It would replicate to everyone else if it is not client-sided
Sorry if my explanation isn’t clear.
btw I made up a visualized form (probably.) of what other people have said, so if you have any doubts they get cleared out hopefully
that value can be read AND changed from the client, but this doesn’t mean it’ll replicate to the server. (to my knowledge atleast)
i went ahead and tested this, and it does not replicate.
OUTPUT
Server: Value created and equals 5
Client: Changed the value to 10
Server: Value equals 5
This is due to Experimental mode being removed, and Filtering Enabled being enforced on all games, any changes made by the client won’t be replicated to server or other clients.
This is the post that announced about it, in 2018: Removal of Experimental Mode
It can’t be exploited. If I change my value on the client it doesn’t replicate to the server, so the server actually never knows about it. However if your relying on the client to tell what item the player has, for example if your firing a remote to the client and using the item the client returns from the remote function it is exploitable because the client can give back a different value.
But if the client changes something on the server it won’t replicate, so if your relying on the server to give the player the item it’s not exploitable.