I have a script in the local script where everytime I fire a lazer then it will detect when the lazer is touched by a Humanoid and if it does then it will fire a remoteevent with the humanoid in it so we can deal damage like this.
if humanoid then
but the problem is the fact that exploiters can fire the remote event and pass any players humanoid so he can do some sort of kill all script, whats the best way to make this secure? I would do a thing in the server where it detects if the server finds that the player is not equipping any tool but its a pvp game, everyone has a tool.
replace the local script with a server script and copy all of the stuff in the local script to the script you just added. Then change the function inside of the
if humanoid then to
Try moving all the logic to the server. Raycasting from the client then returning the hit objects to the server is easily exploited, as you mentioned, a client can easily get all the humanoids in the game then fire the event to kill them all.
Instead, try telling the server when a client fires and the direction, have the server do the raycasting and damaging. This way only the server determines which hit is valid according to where the weapon is fired.
Server script logic:
-- Do the raycasting and the damage here
Wouldnt ServerSide raycasting cause delay? plus can the client just change the direction to pass as an argument into a players position?
You don’t ever want to do ServerSided hit detection, unless you have a way to fix the need to predict your aim. ClientSide hit detection is done in most popular fps games, You can easily validate everything on the server by adding extra checks to make sure the information the client is sending actually makes sense.