How are group ranking systems secured? They seem really vulnerable

Help and Feedback Scripting Support
1

Hello :wave:
I was planning on using Glitch for rank management of my group, and was wondering if this method is protected/how I could protect it. If someone has my glitch link, they could theoretically send a GET request with that link and be able to rank anybody to any rank below the Rank Bot role.

How would I secure this (if needed), and why can’t I find any discussion about this, it seems like such a major flaw?

If you have no idea what I’m talking about, I’m using the method from the video below:

I was thinking of putting this in Development Discussion, but I need support, and even though it isn’t entirely related to Roblox, I hope this is okay to put here.

1 Like
2

Since the HTTP requests are sent from a server script, you could just include a secret key with every request to verify the origin, and use that to only accept requests originating from Roblox servers. AFAIK there shouldn’t be any way for an attacker to get the key assuming the requests are HTTPS, i.e. encrypted.

1 Like