I have a simple question. I am aware that hackers can put in any parameters they want to fire an event from the client to the server. I have code in my local script that fires an event from the client to the server, and it has parameters. EX: event:FireServer(param1, param2). what im wondering is, are hackers able to know what param1 and param2 are? before or after theyre fired? i have a passkey in my parameters and my server scripts check if the passkey match, so the hacker would need to put in the passkey for the parameter for the server to run the code. Could someone explain this? Thanks!
the passkey is a string I made in a local variable created in the local script
Yes hackers (exploiters) can view the parameters that gets sent to the server via remotes, via using a tool named RemoteSpy and similar.
Anything that the client can see, the hacker/exploiter can modify/view it.
Yes, if it’s on the client it would be visible.
Encryption/decryption of the passkey, rate limits, and cooldowns are always options. If possible, perform most processes on the server and assume that any data coming from the client can be manipulated, and verify that data.
For game security (in basic terms):
Sanity checks,
Do most checks on server,
Server-sided anti-cheat and a actual good client anticheat (replicatedfirst, actor instance, hide from env via setfenv with debug.info and stuff).
Alright, thank you guys with the answer and also possible solutions that I can do!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.