I’m pretty sure MessagingService only works for servers in the same game. I believe that sepro1144 wanted communication between completely unrelated Roblox games. You could, however, perhaps use a combination of both MessagingService (for when two players are in the same game) and HttpService (for when they are in other games).
5 Likes
Use messaging service, I’d suggest every message send a table if data that includes the sender and the message. If you’re doing a custom chat GUI you could even have the server when receiving the data load custom tags and more.
My question is if this would even be allowed, if you are processing this via your own servers you could do anything you want to the messages and in effect make them against TOS, and I don’t see why you would be entrusted with handling messages.
He is also now hiring and selling this, I don’t think it’s against TOS as long as they have a warning.
Its against TOS if players are taking chat into their own hands, its basically (in my opinion) giving the same issues as a developer removing the filter and replacing with they own.
Think about it, you have the power to control what everyone is saying if its going through your server off-roblox, you could turn ‘Wanna play’ to ‘I hate you’. Not to mention, if the server got ‘hacked’ (which id assume would be a thousand times easier then trying to gain control of the core roblox chat across games) That hacker could have the power to wreck havoc.
As someone who’s made their own chat, I can confirm that this is incorrect, you can do whatever you want with your chat, you can choose to have no chat at all if you wish. All Roblox asks you to do is put all messages through the filter.
I modeled mine like this:
Client → Server → Filter → Database → Other clients.
Run every message through the filter before it goes to the HttpService and you’ll be fine. That’s all they ask.
And if for whatever reason you’re worried someone is going to “hack your database” first off, I think that’s a little extreme, but if you genuinely want to make sure nothing can go wrong, you could model it like this:
Client → Server → Filter → Database → Server → Filter → Other clients.
This would mean that everything coming in is getting filtered, and everything going out is getting filtered.
1 Like
That wasn’t what I ment, he wants to handle the messages through a http request. This means he can modify the messages being sent and is vulnerable to cyber-attacks.
Also if you read my statement you would realise my issue was more with the fact of data modification. While a message could pass roblox filter it could still pass a completely different meaning if it were modified. For example to cause trouble a hacker could change every message saying ‘want to play something else’ to ‘I hate you’. Both of which are not filtered.
Furthermore this would put the server owner entirely in control of messages, they could not send some messages, they could cause spam hate against a game. They would ultimately have power to cause horrific damage through message modification and for that reason I would never even contemplate adding a system like this.
You can’t “hack” what’s on the server. It’s not replicated. In order for an exploiter to manipulate data they’d need to have a copy of it. That’s why Roblox forces you to do filtering server-side. And you can’t edit the data you send to a server. That’s how Filtering Enabled works.
And if the owner decides to tampered with filtered messages, then they didn’t put the final message through the filter, As Roblox instructs us to. Roblox doesn’t care about what other players can’t see, only what public messages are.
1 Like
Do you understand the actual post, he wants to handle the messages on his own server (NOT ROBLOX’S) And handle the messages through there
Pretty much the entirety of the process is handled on his own non-roblox related servers.
Yes. And that’s fine. As I’ve said. He’d just need to put every request through the filter.
- Player wants to send Post request to make a key with the value “Hello there!”
- The player does FireServer to a remote event, data is sent to a server script (ideally in the ServerScriptService) with the values (Player, Key, and Value)
- Value is sent through the filter, to make sure Roblox is okay with it.
- Value is either approved or denied.
- Value is approved and the post Post request is sent to a server off Roblox (Heroku, Amazon, Google, etc)
- Other servers on Roblox that players are playing in make Get requests, getting all the keys and values within recent memory.
- Get request is approved and the keys are sent with their values.
- The server filters the values, and approves or denies them.
- The server does FireAllClients to send all approved messages to all players in their respective servers.
- Rinse and repeat.
3 Likes
This is my problem tho, these messages as i’ve stated can be modified, and If per say the server owner’s account is compromised someone else with potentially malicious intentions would have full control and here is when problems occur.
Yes you can filter messages on send and receive but you cannot erase the risk of the person whom owns the server can modify the messages which could have very damaging impacts on people if done maliciously and could be used to spread lies or damage a game.
I understand your arguments but there is no way the server owner can be 100% certain his ownership of the server is secure, and therefor if he is compromised / turns nasty it cold have devastating impacts on everyone using the system.
While they couldn’t be able to swear etc. they can still send malicious messages with the opposite intentions to the original sender, ultimately they would have full control on the content of messages going in and out of the system.
That’s any system. If someone got on my Roblox account somehow and stole my work, that’d really hurt.
But it still wouldn’t impact ToS because everything would be filtered. Even if I change the values, the scripts will still deny them.
No matter what I do on my database, the scripts would still recognize as
“Request Denied: Filter Test Failed. Failure To Comply With Roblox Terms of Service”
Can’t ever be 100% sure their account isn’t compromised either sooo…You are running a risk regardless.
When the server receives a message just filter it again then they at least can’t say anything against the filter.
This modification however could stretch into bullying, harassment, filter bypassing statements all of which are against TOS. so while you couldn’t directly be breaking TOS regarding the filter whoever is in control of the server could still break the TOS in the seocondary implications of the message modification.
Imagine if data was modified so that every message sent to a specific list of users was designed to be harassing, is that a fair power to grant someone?
I totally agree with you.
The real issue that’d come up is that you’d have a short delay, like a few seconds.
Because to send a message you’d have to
- Go to Roblox’s chat filter (it’s off-site)
- Make a request.
- Get approved or denied.
- Get that message back
- Send that message to the database
- Send that message from the database to all servers.
- The server then needs to send that message back to the filter.
- Make another request
- Get approved or denied.
- Send the message to all clients within that server.
That’s a lot of traveling. That can take a second. So there might be a second delay between me sending a message, and everyone seeing it.
And you’d probably be doing this several hundred times every second.
Would probably be best to leave such a global chat system as a way to contact individual users or as a “shout” messaging system you see in MMOs.
1 Like
Yeah, I’ve seen that brought up before, just direct messages in-game. Like an inbox/email sorta deal.
I think there was a game called Crystal Online that wanted to do that.
What I see done most, is where you can report a bug or give a suggestion by clicking a button in-game, and it’ll send a post request to discord for the developer/developers to review.
I saw your other post the other day and thought that it was a cool concept - but you fall short on some basic principles.
-
It is possible. Using HttpService, you can send data to external servers. You could send something like the authorID, message, and recipient to your server which sends it off to another game server (just an example - you may have some other things worth sending). Unfortunately there isn’t a way to directly send data to a Roblox server, so you’re stuck doing a constant stream of requests from Roblox to the server to check if it has a message to display.
-
It is not feasible. You would be taking up valuable request space. You’d have to stay under the 500 request/min limit - and you ALSO have to take into account the amount of requests the game is already sending. If you wanted to get around that, you could send the messages in packets and ship them off every minute, but as you know this would cause such a massive delay and would not work as a chat. Not only that, but you also have to worry about checking if the server should be recieving messages. That’s not something that Roblox can currently do very easily. The solution to this is to just constantly check for a new message, which again takes up more request space.
-
This requires the cooperation of many developers. Such a system could not really be effective unless you reached out to as many developers as possible. Unfortunately, because there’s a price on it and it impedes on many game’s limitations, there’s not many developers who would use such a thing. It doesn’t provide something super essential and again - it costs way too much with your company model.
Potential solution:
I saw your previous post in which you said you’d build everything and create the servers. I’m not sure if you’re the best at it, but if you can build an effective one and maintain it, it might work. But the real key to this is to provide a free, non-intrusive service that all developers can use. Really you can just provide an API, and an example module that can perform all of the functions from the Roblox side and do all of the sanity checks. This way a developer can create a Roblox-side system that works for them, but they also have the module to fall back on if they don’t understand how it works. Unfortunately, you will pretty much have to give up making it a great chat feature and will have to accept that there will be massive delays.
I really love your idea, I just don’t think it would work out too well in execution.
I disagree. From what I understand… you can… send the message using an https request. Then on the receiving server… filter the message using roblox’s filtering system.
You can’t edit the code that filters the message when it is received, nor can you change it.
My first accidental necrobump in a… decade
I plead people start reading what im saying. The roblox filter is not impeccable, it never will be.
Sure you maybe wont be able to call people a 4 year old idiot, but you can still say some pretty hurtful things which dont use any offensive language.