How can I defend my remoteEvent?

Is it enough to do everything on the server? Or do I need to add other things such as Cooltimes?

2 Likes

Yes, you should definitely prevent people from firing it too often. Try doing this on both the client and server if you can.

Make sure the data the client sends is also accurate.

2 Likes

On the client it's not as dangerous because it's only 1 person and the server controls what events get fired to the client. I would only advise doing it on the server because clients can inject scripts that can spam remote events or remote functions, and this can be dangerous. Just always have the mindset that the client can fire any number of times and pass malicious arguments to the server. Always sanitize the input data from the client. I have a cooldown script in which I check if the remote fired is in cooldown.

I only use 1 RemoteEvent for my games, and the client passes a string argument for what task the client wants the server to do. I like to structure my remotes kind of like an API, so in the dict “requestCallCooldown” you write the name of the event, and then you write the time in seconds for how long you want the remote to be on cooldown after being received by the server. If you don’t insert anything it will by default have no cooldown, meaning the client can fire the event as many times as it wants.

Make sure to structure your client scripts in a way that handles the server rejecting the client's request. Let's say the client tries to eat an item: make it so that if the server rejects that request, then don’t allow the client to eat.

-- Cooldown in seconds per request name; requests not listed here have no cooldown.
local requestCallCooldown = {
	consumeItem = 1.5
}
-- cooldownData[eventType][playerName] = time at which the next request is allowed
local cooldownData = {}
local function handleRequest(Player, Parameters)
	-- The client controls Parameters, so reject anything that is not a table
	-- before indexing it.
	if type(Parameters) ~= "table" then
		return 404
	end
	local eventType = Parameters.EventType
	Parameters.Player = Player
	local CooldownTime = requestCallCooldown[eventType]
	if CooldownTime and CooldownTime > 0 then
		local now = tick()
		cooldownData[eventType] = cooldownData[eventType] or {}
		local allowedAt = cooldownData[eventType][Player.Name]
		if allowedAt and allowedAt > now then
			-- Still in cooldown: reject the request.
			return 404
		end
		cooldownData[eventType][Player.Name] = now + CooldownTime
	end
	-- remoteEvents is defined elsewhere (not shown in this post).
	local resData = remoteEvents.runEvent(eventType, Parameters)
	return resData
end

1 Like
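
The input sanitizing and rejection handling recommended in the post above, sketched in Luau for the consumeItem request as an added example that is not code from the thread. The RemoteEvent named "Request", the inventories table, the item names and the ItemName field are assumptions made for illustration; a cooldown check like the one above would run before the handler.

```lua
-- Added example (not from the thread). Server Script; all names are hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local requestRemote = ReplicatedStorage:WaitForChild("Request") -- assumed RemoteEvent

-- Server-owned state the client can never write: inventories[userId][itemName] = count
local inventories = {}
local CONSUMABLE = { Apple = true, Bread = true } -- constructed allow-list

-- Returns the validated item name, or nil if the client-supplied data is unacceptable.
local function validateConsume(player, params)
	local itemName = params.ItemName
	if typeof(itemName) ~= "string" or #itemName > 32 then return nil end
	if not CONSUMABLE[itemName] then return nil end
	-- Ownership is read from server state, never from what the client claims.
	local owned = inventories[player.UserId]
	if not owned or (owned[itemName] or 0) < 1 then return nil end
	return itemName
end

local handlers = {
	consumeItem = function(player, params)
		local itemName = validateConsume(player, params)
		if not itemName then return false end
		local owned = inventories[player.UserId]
		owned[itemName] = owned[itemName] - 1
		return true
	end,
}

requestRemote.OnServerEvent:Connect(function(player, params)
	-- Every argument after `player` is attacker-controlled: check types first.
	if typeof(params) ~= "table" then return end
	local eventType = params.EventType
	local handler = typeof(eventType) == "string" and handlers[eventType]
	if not handler then return end -- unknown request names are dropped
	-- Report accept/reject so the client can cancel its local "eat" on rejection.
	requestRemote:FireClient(player, eventType, handler(player, params))
end)

Players.PlayerAdded:Connect(function(player)
	inventories[player.UserId] = { Apple = 3 } -- constructed starting inventory
end)
Players.PlayerRemoving:Connect(function(player)
	inventories[player.UserId] = nil -- free per-player state when they leave
end)
```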

Oh, I thought you meant having cooldowns on the server sending RemoteEvents to the client; that is not necessary. But having a cooldown on the client itself is a very good idea to save network traffic. So adding a cooldown on the client and server is a good idea.

1 Like

Tbh, there is no “best” way to protect a RemoteEvent. The way to do it will differ from game to game and dev to dev, but what almost all will prob tell you would be “add a cap to how much you can fire the RemoteEvent” or “add a check on the server side that checks if the player has met the requirement to fire the event and then accept the remote event”. But as I said, it will just depend on the game.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.