Can exploiters mess with global variables on the server or not?
Hmm, nope.
Remember, exploiters are a client
Client’s can only acess client stuff.
No they cannot. The exploiter would be a client meaning they cannot access global variables.
Exploiters can only access client scripts etc (Said by @varjoy).
Thanks for informing me what about metatables haven’t learned about them that much
here you can find a good resource
Also could I do this?
_G.Module = require(Module)
You shouldn’t. Using _G
with modules defeats the purpose of modules.
But I’ve used it before and it works why is it bad? @incapaz I mean like it shortens your local variables for modules and it feels easier to use
It works is not the same as it’s good.
It kills any hope for static analysis of your code, and makes reasoning about your code harder. You are also more likely to get a name collision.
I will leave this as well: Sharing variables between scripts?
I wish this were true, but a lot of exploiters like to do server-side exploits, which relies on getting game developers to unwittingly install a backdoor, usually via a free model or a fake, tampered copies of popular plug-ins. I’ve also been contacted a few times on Roblox and through Discord by users offering to help build, or “fix” things in my games for free (read: install backdoors). The backdoors usually require a lua interpreter like LBI, at which point the exploiters can execute arbitrary code on your server.
This is why you should be super strict on giving edit access to a game, only to people you trust. And you should double check that any plugins you or any of your team install are the bona fide originals from trusted developers. One builder having a bogus plugin can compromise a place file. Finally, avoid free Models that are not Roblox endorsed, or–if you’re 110% sure you know how to do it correctly–sanitize them by removing all scripts.