Data Store Loading and Security

Rahyulty · December 7, 2021, 1:54am

Hello I have a data store script and I want feedback and ways to make it more secure, and for it to load faster(The main problem). Currently, It takes about a second for the data to update on the StringValue, and the problem with this is it doesn’t load fast enough when the player spawns so sometimes this can mess up some of my scripts especially when giving items on spawn.

As For the secure part, I am pretty sure this isn’t secure. I would like some feedback to make this more secure and to stop exploiters unable to directly change these values.

local DSS = game:GetService("DataStoreService")
local PlayerData = DSS:GetDataStore("WData001")
local RunService = game:GetService("RunService")


game.Players.PlayerAdded:Connect(function(Plr)
	local WDATA = Instance.new("Folder")
	WDATA.Parent = Plr
	WDATA.Name = "WDATA"
	
	local Weapon = Instance.new("StringValue")
	Weapon.Parent = WDATA
	Weapon.Name = "Weapon"
	Weapon.Value = "None"

	local PlrUserId = "Player_"..Plr.UserId
	local StoreData = PlayerData:GetAsync(PlrUserId)

	if StoreData then 
		Weapon.Value = StoreData['Weapon']

	end 
end)

-----------------------------------------------------------------------------------------

local function CreateTable(Plr)
	local Plrstats = {}
	for _,V in pairs(Plr.WDATA:GetChildren()) do 
		Plrstats[V.Name] = V.Value
	end
	return Plrstats
end

local function Save(Plr)
	local Plrstats = CreateTable(Plr)
	local Sucess, Error = pcall(function()
		local PlrUserID = "Player_"..Plr.UserId
		PlayerData:SetAsync(PlrUserID, Plrstats)
	end)
	if not Sucess then 
		warn("Not Able To Save")
	end
end

-----------------------------------------------------------------------------------------


game.Players.PlayerRemoving:Connect(function(Plr)
	Save(Plr)
end)


game:BindToClose(function()
	for _,Player in pairs(game.Players:GetPlayers()) do
		Save(Player)
	end
end)

C_Sharper · December 7, 2021, 2:02am

Unless you store the ValueObjects in a container the client has no access to (like ServerStorage) the client will always be able to change their values.

However.

If they locally update one of their values, the server won’t see that change. So therefor, it’s already perfectly secure if you rely on the server for all data loading and saving. Just be sure to not entrust the client to determine how much to update a value by. (e.g, letting the client contact the server telling the server to give them a specified amount of cash.)

Rahyulty · December 7, 2021, 2:11am

So what you saying (if i understant correctly) what I have right now the client can change their values? so in order to not do that I need to put the container of the values someplace the client can access?

C_Sharper · December 7, 2021, 2:20am

So this is known as the client-server model.

Your PC that’s playing the Roblox game can be viewed as the client, and the server hosts data across all the clients connected to the server.

If a client changes these values, the server won’t detect those changes. So for example if the server sets the value of one of them to 3, and then the client changes it to like 9999, the server will still view its value being 3.

This is because when the client changes stuff like this, it will not be replicated (made known) to the server.

Hope this helps a bit.

A side note, storage containers such as ServerScriptService and ServerStorage are not replicated to the client, so therefor the client will never be able to see the contents in those services.