But you’d want to give the players immediate feedback. It would be much better if the client couldn’t make those changes to the server by adjusting their character, but I wouldn’t want the performance issues that could come along by doing so just to prevent some exploiters that can only affect their character.
I have no reason ever to want clients to delete something from their character, so I want the option to turn it off.
So in order to protect your game, if you have a system that relies on instances within the character, keep track of those changes by the server and detect any suspicious changes.
I shouldn’t have to. I should just be able to get rid of this behaviour.
I’m not entirely sure what system you have set up, but most of the times you could probably have it set up differently without relying on the character.
The system I have has instances inside the character for character specific things. I have scripts from StarterCharacterScripts in there because it makes everything so much easier. Why should I have to make my code uglier and less centralized because of a Roblox behavior I don’t want?
You’re saying that you don’t want the behavior, but the behavior does more than just make the character have bad security. If you didn’t have this implemented, then moving your character would seem much choppier, would it not?
You can make a custom movement script if you want that takes the key input and fires an event to move the character from the server, and then the client will see the change once the server updates the clients. Try it with a bunch of friends in a server, I’d assume the change would be noticeable.
I understand that it is weird but I find it as kind of required. If the staff suggest that this could be implemented soon without performance changes then I’d be all up for it. But I’d rather the normal players have a better time and I have some extra code to find the exploiters.
If you have scripts or instances inserted that should not be removed, then detect their removal. If they should be removed at certain times, have the script detecting the removal be told that the item being removed is on purpose. If you are just storing values you could try storing them as variables somewhere else, but that’s all up to you.
How you go about this doesn’t really matter, but I don’t think asking for changes to the character to be done on the server is a good idea, or at least not from my experience with roblox.
If you didn’t have this implemented, then moving your character would seem much choppier, would it not?
That’s not at all what this thread is about. I’m fine with the player owning their character’s physics, I’m not fine with them being able to manipulate and delete objects from their character and have it replicate.
If you have scripts or instances inserted that should not be removed, then detect their removal. If they should be removed at certain times, have the script detecting the removal be told that the item being removed is on purpose.
Again, I shouldn’t have to. This should be a behavior you can toggle.
I made a similar feature request a month ago for the proposed property, I really support something like this as you currently can’t store anything in the character because people can (and do) delete it and break your game.
Found this out the hard way. There was an exploit which deleted a value in the character causing mobs not to deal damage to the player.
Although I patched it, it would be nice to deny the client the ability to delete anything from the character.
Whether or not there should be a feature to disable changes, it seems to me that a
hack/LocalScript should never be able to cause deletion of a Script on the server by deleting the
replicated vestige Script on the client, yet the last time I checked around a month or two ago, it could.
If descendants are also checked for Scripts in this new feature of disallowing Script deletion,
then devs could simply add dummy children Scripts to prevent whatever sensitive hierarchy
in their Character from deletion. (I’d imagine in the interest of compatibility that maybe descendants
of the deepest Scripts could be exempt from this deletion-protection.)
This could be great for detecting if a client inserts/removes a script from the character. Say a fall damage script which requires local StateType updates, or anything that can’t be done on the server like sending arguments for the mouse position to the server, this can even be used to prevent people from stopping their ragdoll effect since you can detect if joints were removed on the server. I’d argue it’s an effective way to prevent these exploits. That being said, you can easily make the change to place your values inside the player and keep those safe.
I currently use this replication behavior to my advantage by having the server add anti-cheat local scripts and scripts in player characters and kicking a player if I can’t find the script in their character. I also use this to destroy a large number of instances in player characters locally, to reduce the burden on the server (basically creating bullet tracers in player characters and having a local script delete the tracers). I would really hate it if this replication behavior were to be removed, as the way I’m using it allows there to be less lag on the server.
I have developer tools in my game that allow specified users to do certain functionalities during testing to simulate what an exploiter would do as well as interface to interact with player data, this includes the ability to delete parts. I am finding that when someone deletes an NPCs head, that NPC ends up dying despite the deletion of the head happening locally. The server recognises that said health of the Humanoid is also 0. This of course is very bad.
Could this be a result of the unintended/desired behavior you are experiencing?
I rely on this replication behavior to reduce the load on the server by deleting instances inside player characters with LocalScripts and having a timed deletion in a server Script using the Debris service in case the player doesn’t delete the instance when they are supposed to. This replication behavior is incredibly convenient (speaking as a developer who had a hard time converting from Experimental Mode). Personally, if I didn’t want something in a character to be deleted, I would use signals server-side to make sure to respawn players if they remove anything important (DescendantRemoving/ChildRemoved/AncestryChanged).
In my roleplay game, some exploiters are deleting their shirt / pants instances to walk around without clothes on, which doesn’t look very appropriate. Furthermore, some of them are going “limbless” by deleting their arms/legs.
There should be a CharacterRespectFilteringEnabled flag. This would also allow me to not waste time with programming server detection on things like this.
WE need more attention on FilteringEnabled, especially on things that we can prevent super easily!
Just ran into this same behavior. I was locally deleting a weld on the client as part of a client-prediction system for my game, only to find out it’s screwing with the game’s state on the server. This is a serious security hole - any code that relies on avatars not being completely broken could potentially be broken by an exploiter.