Exploits Via Workspace

Hi, I’m currently working on a game which consists of AIs in Workspace. Inside the AIs is a ServerScript which handles the amount of cash/XP given to the player when they buy something from them. I was wondering, could an exploiter use that script to give them an inf+ amount of cash/XP? The script is not fired by a RemoteEvent. It simply checks if it buys, then gives whoever owns item x amount of cash/XP.

1 Like

No? If it’s running on the server and there is no way of their client interacting with the AI (such as remote events) then they have no control over the AI. As long as your purchases are secure regarding the items they buy then you should be fine.

Well, the AI is located in Workspace, and the script is located inside the AI via Workspace. The way the AI gives the cash and XP to the player is this: checks if store exists, if so, then walks to store, gives cash and XP, then leaves.

There are numerous places a server script can run, Workspace and ServerScriptService being two of them. As long as it’s running then it should be secure, as they are running on the server. The only thing you should have to worry about is how the client interacts with it via remotes (if any).

Hmm, alright. So what I’m truly trying to figure out is: can the player look inside the script located in Workspace and change the amount of cash given to them? The script does not use any RemoteEvents. I understand clients can’t access server-sided objects; however, it’s located in Workspace.

No, they can’t. What’s in those scripts is not sent to the clients, therefore they can’t see that type of stuff. They can see the script objects themselves in Workspace, but that is all. If, for example, the game got leaked, the scripts would be empty.

6 Likes

Just going to throw a tidbit in here: the only exploit that can be successfully run on NPCs in the Workspace is manipulation of their physics, and this is only the case if you don’t explicitly set the network ownership of the NPC’s parts to the server.

Aside from that, you’re fine if you’re using a server script for NPCs (and you should if you don’t have a local handler for NPCs or any of that sort of thing). The script can’t be duplicated, the logic can’t be modified, nothing. The client is walled off from the server’s processes.

Another tidbit to end off with: you’ll probably want to invest in a general NPC and/or EXP handler rather than putting the script in the NPCs themselves. Something to consider for streamlining behaviour, improving performance and being easy on the memory usage.

2 Likes
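
The two suggestions in the last reply (server network ownership for NPC parts, and one general handler instead of a script per NPC) can be combined in a single Script placed in ServerScriptService. This is an added example, not code from any poster in the thread; the `NPCs` folder name is an assumption.

```lua
-- Added example: one server Script (in ServerScriptService) that manages every NPC.
-- Assumption: all NPC models live in a folder named "NPCs" under Workspace.
local Workspace = game:GetService("Workspace")

local npcFolder = Workspace:WaitForChild("NPCs")

-- Pin physics simulation of a part to the server.
-- SetNetworkOwner(nil) means "the server owns this assembly", so a nearby
-- client is never handed authority over the NPC's position or velocity.
local function claimForServer(instance)
	if not instance:IsA("BasePart") then
		return
	end
	-- Anchored parts (and parts welded to anchored parts) cannot have an
	-- owner set; calling SetNetworkOwner on them raises an error.
	if instance:CanSetNetworkOwnership() then
		instance:SetNetworkOwner(nil)
	end
end

local function registerNpc(npc)
	for _, descendant in ipairs(npc:GetDescendants()) do
		claimForServer(descendant)
	end
	-- Parts added after spawn (accessories, tools, rebuilt limbs) would
	-- otherwise fall back to automatic ownership.
	npc.DescendantAdded:Connect(claimForServer)
end

-- Cover NPCs that already exist and any that are spawned later.
for _, npc in ipairs(npcFolder:GetChildren()) do
	registerNpc(npc)
end
npcFolder.ChildAdded:Connect(registerNpc)
```

Parts that are unanchored later do not fire `DescendantAdded`, so call `claimForServer` again at the point where the server unanchors them.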