Hey there. I’m making a plugin, and i’m using an express website that i made that handles the data. the problem is i am using an access token for the website (so random people can’t post/get data), and i was wondering how to hide the access token in my plugin code. plugin code can be seen by everyone, right? and how can i go about hiding my token?
thanks
Annoyingly, you can’t hide anything…like ever…because roblox lets you see all the code, the only thing I can think of would be obfuscating it.
hm i see. i guess i’ll have to try that
There are so many ways you can hide the access token. I will list them:
Problem is because roblox won’t let you close source any models, the person can just find the require script, and then take the token out of it.
i mean, the first one might work, but they can still see me using the token when i make the request, which will lead them to uncovering it…
One clever thing I have seen is making a comment by doing --[[]] and then pressing tab after the comment a couple of times and then adding require(string.reverse())
People can still see the token though
i could add some special header or a field in the body that could be used to check for access on the website…
there really isn’t any other good option
You could just obfuscate it I guess, would take ages to un-obfuscate.
that’s true. i guess i’ll go with that for now.
thanks for your help everyone.
(i’ll try and figure out some other good solutions too!)