Do you put your inventory server-sided or client-sided?

I’m rewriting an older framework I made for an RPG and I am wondering whether if I should put the player’s inventory on the server and have the client make requests to “view” it, or if I should keep the inventory visible as-is to the client.

Would it also be a good idea to keep the directory of all possible items completely server-sided? My current solution has it replicated.

Do you mind to elaborate?

What specifically do you mean with this?

Without knowledge of the specifics, all I can say is that it may be better to keep things on the server and only have the client see things when it needs to. This will also help prevent exploiting, especially where the contents of the inventory can be edited by the client - you should never trust the client to provide accurate information. Having said that, the architecture of the system is largely down to you.

1 Like

What @Increated said. Whatever you do, remember that exploits can happen if you give the client control over things, such as what is in their inventory. Perhaps the client will insert a super powerful sword into their inventory.

1 Like

My current system is basically a folder with StringValues that are pointers to items stored in the “master” directory of items, which is also replicated in its current state. My main concern is players being able to view the master directory and insert items to their own inventory (even though they wouldn’t replicate to the server or save without using an event) or change the quantity of an item within their inventory. At the time, I thought my current system would be mostly safe since 1.) no client edits would be persistent unless an event is exploited 2.) the client checks itself for modified/non-existent items 3.) creating your own item in the master directory would be difficult without extensive knowledge of how I create them.

I believe client-side would be much easier, although server-sided would prevent a lot more exploits, and it would work a lot better. Hope I helped ya!

(most roblox exploit injectors only work client sided)

1 Like

Server-sided would be more secure. Here is a tutorial on how to create a persistent inventory system from scratch: PERSISTENT INVENTORY SYSTEM in Roblox Studio - Lua - YouTube

The answer is clearly server-sided. Not only you prevent exploiters to make changes to their own goods but you wouldn’t be able to access the inventory on the server, only if you send a remote event or invoke a remote function. The system with StringValues works fine, because they don’t cause lag and they’re easily accessible.