Can i confirm game.Players.LocalPlayer.Item.Value is still under the server and hence not easily hacked by player?

I am asking because i discovered that local scripts can read the value.


If the value is read from LocalScript of exploiter’s client, then it will read exploited value. But if Script or LocalScript are ran on other clients and server, the value will not be affected by exploiter, thus it will read clean value.

1 Like

sorry i am a little confused… kindly allow me to make an example?

I am using game.Players.BaconBoy.Cash to store cash value.
I use local script to read LocalPlayer to show how much he have.
When BaconBoy wants to buy something, the local script triggers a remote server event to purchase and a script will process and change the value of game.Players.BaconBoy.Cash.

Can BaconBoy change the value at his end making him rich?

thank you!

If BaconBoy.Cash value itself is read from LocalScript of exploiter, it will read value which is changed by exploiter.
So if you send BaconBoy.Cash.Value to server using RemoteEvent, then it will read value which is changed by exploiter.

But, if you only trigger RemoteEvent without sending BaconBoy.Cash.Value, and check, verify the value from server, then it will read clean value (non-exploited value).

1 Like

Ah ok … let me confirm my understanding. I think i am safe.

When BaconBoy local script triggers the Remote Event. Only the choice of item is sent.
The script upon receiving the event, will check the item sent over and pull out an internal record of the value. It will then personally go into game.Players.BaconBoy.Cash to READ / WRITE.

So hence BaconBoy cant do any nasty thing right?

thanks so much William!

If my understanding of your understanding is right, then there will be no issue!
You should always read and write value from Server-Side, never on Client, and that’s all you need to do. Have a nice scripting.


The value on the client only stays to them unless fired by a remote:

  • For example, let us say - I have an exploit, and gave myself tons of cash from the client:
-- This will not replicate, due to the exploit being client-sided - but our client will see the change **only itself**
game.Players.TheDemoDeveloper.moneh.Value = math.huge
  • The server, will not see this change at all due to this being client-sided.
    WAIT: They can replicate it through remotes! Let us say - we have a ‘ChangeMoney’ remote;

What if - the client fired this event using a exploit :warning:

-- Uh oh, the client has found the remote!

It would replicate to everyone else if it is not client-sided
Sorry if my explanation isn’t clear.

1 Like

btw I made up a visualized form (probably.) of what other people have said, so if you have any doubts they get cleared out hopefully

1 Like

that value can be read AND changed from the client, but this doesn’t mean it’ll replicate to the server. (to my knowledge atleast)

i went ahead and tested this, and it does not replicate.


  Server: Value created and equals 5
  Client: Changed the value to 10
  Server: Value equals 5
1 Like

This is due to Experimental mode being removed, and Filtering Enabled being enforced on all games, any changes made by the client won’t be replicated to server or other clients.

This is the post that announced about it, in 2018: Removal of Experimental Mode

It can’t be exploited. If I change my value on the client it doesn’t replicate to the server, so the server actually never knows about it. However if your relying on the client to tell what item the player has, for example if your firing a remote to the client and using the item the client returns from the remote function it is exploitable because the client can give back a different value.

But if the client changes something on the server it won’t replicate, so if your relying on the server to give the player the item it’s not exploitable.

1 Like