Exploiting Datastorage: REMOTE FUNCTIONS?

Hello everyone!

I have a question I want to ask this community.

IMPORTANT: Do not answer my questions with yes, no. I want explanations my friend ^^

Let me share my experience with DataStorage and here are my questions:

  • I think I’m good at data storage, but how safe is it really? As I would expect my game could be exploited, but the question is, can hackers exploit DataStorage?

  • Every DataStorage script looks different, I mean if you just look around DataStorage scripts. Everyone scripts something differnt in DataStorage, some with Digits, some with “you know what I mean”. Now I am asking to you, is it enough to just make a DataStorage script with: BindToClose, PlayerRemoving, PlayerAdded. Or do you think thats just a small area of DataStorage?

  • I want make a game where I can save my swords, should I use Data Storage for that? My plan is: Make a Folder in Data Storage and later I can save my swords in there. Good idea?

  • So Do I need to use Remotefunctions for DataStorage, or better: is it necassary to use Remotefunctions?

I am afraid of using DataStorage with my small knowledge

Please if you answere my question then all. Thanks!

The only way for exploiters to mess with DataStore is if you store data that the client sends to the server. If you want your DataStorage to work properly, the system should only work on the server because exploiters can’t do anything on the server.

1 Like

he only way for exploiters to mess with DataStore is if you store data that the client sends to the server. If you want your DataStorage to work properly, the system should only work on the server because exploiters can’t do anything on the server.

Well done explained! Could you explain the last 3 points too or somoene else please? :smiley:

You can make a proper DataStore system with PlayerAdded, PlayerRemoving, and BindToClose as these are key factors to a fully functioning system.

You can use that but remember, you can’t save Instances in DataStores so you can store the sword’s Name in a DataStore and load it to the folder when the player joins.

You don’t have to use remotes, but you can if your system requires it. Make sure you have sanity checks to not allow exploiters to modify their DataStores.

“so you can store the sword’s Name in a DataStore and load it to the folder when the player joins.”

How could I do that? do you have a link or could explain it to me here or private?

You don’t always have to use RemoteFunctions.
I personally used a module, but it’s in ServerScriptService.
I would have put it in ReplicatedStorage, but sometimes things are better left alone in their destined place, and it wouldn’t be right to put it there, not because of “Clients can exploit data”, more of because Clients can’t access it anyway because when server makes changes to something, client can’t change that unless given permission to.

More of my explanation on RemoteFunctions, clients can exploit data if you use any type of Remote to communicate. That’s if, you are letting the client send you back their own data (but they can modify it), or letting client decide on stuff with the data.

Back onto modules, client’s cant change anything with in it, or modify any data. I even use a module as a cache for clients to read data, they can change it as they like but it’s not gonna appear on the server because the server originally made changes to it, and didnt give client permission to.

Onto DataStore, you can use tables to “save” swords, or rather instances. How? you can just provide the tool names, and then when they join give them their tools back.
And for a full functioning DataStore system,

Addition, I use a for loop in order to collect/update data. It collects data and updates it, serving as the perfect system. It can even be useful for autosaving, or detection when the server closes due to a error, etc. However systems like those take a lot of work, because you need to optimize.

1 Like

You should have a folder somewhere in ServerStorage that holds the swords, when the player joins, search their datastore for a sword’s name and if the sword is there, clone it to their inventory

Omg Thanks! I didnt notice that.

I think you should add auto saving. Imagine there is a Roblox outage and someone has already played your game for two hours in one session and made quite some progress. When he now leaves, he will lose all his data as it can’t save because of the outage.

So definately autosave I’d say.

You can use something like ProfileService or DataStore2 too. Both are great modules that provide functions that you can use to safely set/get the player’s data.

is autosave and datastore2 the same? Otherwise I dont know how to make a autosave

No. DataStore2 is a module.
With autosaving I meant saving data for every player every x seconds.

ah okey then I know what you mean. Thanks!

1 Like

Don’t use datastore2, even the creator of the module says not to. There are datastore updates that are going to ruin it soon.

1 Like

Didnt know. Thanks man! You are life saver, but what should I do then?

One of these two: