I have some events being fired from the client, and they are only activated if the player presses a certain key. I want to know if it is safe to have events firing in a LocalScript that is only activated by user input. Thanks!
Note: If there is any other way to change things on the server based on UserInput, I’d love to know.
Anything the client does, an executer can do. For example, in your script you can have RemoteEvent:FireServer(), you can also run this too simulating it originated from the localscript.
Most games use it because most games require input from the player xD
If you’re asking how to make it non fakable/exploit protected you just want to do minimal checks on the client, as in cooldowns or distance etc, then on the server you want to do the main checks, to make sure it is the appropriate time to fire that event.
Nah you ain’t able to. This is because of how the client is made. You can think of the client as the physical player, and the server as the world around it. The world around the player has no way of knowing if the player pressed something, other than WASD and spacebar (these make physical movements), however the player knows what it clicked, which is why ContextActionService and UserInputService are both client only services
Depends on how you execute it. If you protect your remotes with checks/make it non squishable then yes it is safe. However if you leave an open window for an exploiter to alter something in the game (whatever that remote event does, in this case change stamina), you could be looking at an issue
Edit: This goes for all client - server communications, not just the UserInputService
Technically yes, but like I said earlier just run checks and if everything checks out then execute the code. If someone has all the right conditions most likely they’ll just press E and not use an executor and run code from it