If you want user input though you’re going to have to use LocalScripts. So it’s a little hard to make a game with only Server scripts as you need LocalScripts for tools to work properly.
Yes, clients can only execute code with client-sided permissions unless they’ve backdoored your game.
If the entire game was written with server scripts, they would not be able to interfere with the execution of those scripts directly. But this is no reason to avoid local scripts; they are still needed to run things like GUIs and to create a responsive experience. You just don’t want to rely on the client for critical information.
Local scripts only affect a single client, with a few exceptions like player animations and character movement which replicate to all clients (but they can only animate and move their own character). They could move unanchored parts as well.
Yeah, I don’t intend to avoid them; I just wanted to get this straight. Still a little fuzzy on the whole client vs server. I just want to understand it fully and what is possible and what is not.
Replicated things such as events in replicated storage are how data is passed from the Client to the Server, so make sure that you put a security check at that threshold (and always on the server; try to never trust values from the client, e.g. giving money).
The client is the person’s computer, and he can do literally anything with it. I mean anything. They can ditch Roblox altogether and make their own program with ray tracing and whatever, and trick the server into connecting to their custom program instead of the Roblox they installed on their computer. It would be difficult but it’s totally possible. Also difficult, they can disable all of your anti-hack LocalScripts, or even disable only the parts of those scripts that detect them. It will take a long time to truly understand what is easy and what is difficult, but at the core you should understand that anything is possible when their computer sits right in front of them.
The server is the machine located in one of Roblox’s buildings around the world running the core of the game and synchronizing the players’ computers. It can’t be altered at all by hackers/exploiters except in the case of significant world-shattering vulnerabilities, and the RemoteEvents and RemoteFunctions which you allow the players to use. That’s why it’s so important to make sure your RemoteEvents/Functions are not doing anything that can be a security vulnerability.
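The server-side check at the RemoteEvent threshold that the replies above describe, as an added example that is not part of any post in this thread. The remote name `BuyItem`, the `PRICES` table, the `leaderstats.Coins` value and the `ServerStorage.Items` folder are assumptions made for illustration.

```lua
-- Server Script (placed in ServerScriptService). Added example; all names are hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local ServerStorage = game:GetService("ServerStorage")

local buyItem = Instance.new("RemoteEvent")
buyItem.Name = "BuyItem" -- hypothetical remote name
buyItem.Parent = ReplicatedStorage

-- Prices live only on the server; the client never sends a price or an amount.
local PRICES = { Sword = 100, Shield = 250 } -- constructed sample data
local MIN_INTERVAL = 0.5 -- seconds between accepted requests per player
local lastRequest = {}

-- Weak pattern, for contrast: the handler trusts a client-supplied number.
-- giveMoney.OnServerEvent:Connect(function(player, amount)
--     player.leaderstats.Coins.Value += amount -- the client picks the amount
-- end)

buyItem.OnServerEvent:Connect(function(player, itemName)
	-- 1. Type-check: a client can send any value, or none at all.
	if typeof(itemName) ~= "string" then return end

	-- 2. Rate-limit each player so the remote cannot be spammed.
	local now = os.clock()
	if lastRequest[player] and now - lastRequest[player] < MIN_INTERVAL then return end
	lastRequest[player] = now

	-- 3. Look the price up on the server; unknown item names are rejected.
	local price = PRICES[itemName]
	local items = ServerStorage:FindFirstChild("Items") -- assumed folder of Tools
	local template = items and items:FindFirstChild(itemName)
	if not price or not template then return end

	-- 4. Check the balance held by the server, not a value sent by the client.
	local stats = player:FindFirstChild("leaderstats") -- assumed to be created elsewhere by the server
	local coins = stats and stats:FindFirstChild("Coins")
	local backpack = player:FindFirstChild("Backpack")
	if not coins or not backpack or coins.Value < price then return end

	-- 5. Only after every check passes does the server change state.
	coins.Value -= price
	template:Clone().Parent = backpack
end)

Players.PlayerRemoving:Connect(function(player)
	lastRequest[player] = nil -- drop per-player rate-limit state
end)
```

The first argument of `OnServerEvent` is supplied by the engine, so `player` can be trusted; everything after it comes from the client and is validated before use.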