Hey,
I am trying to make a GUI where players can choose a team and I know how to do that.
So when the player clicks on the button it sends a remote request to the server which handles the team changing.
But how do I make the remote call secure? So exploiters cant just call the remote and change teams whenever they want.
If they choose a team and don’t have the ability to change their chosen team later, you could make it so that the remote can only be fired once. Then, when they would be able to change their team (if it’s a round based game) you can change this back so that it can be fired once more.
This’ll definitely stop exploiters from randomly changing their team at any point.
This depends on the specific restrictions you want to place on it. When the remote is fired, the server script would use if statements to determine whether the request is valid or not. You should assume that the client could fire the remote at any time with any input. It’ll be up to you to define, using if statements, what is and isn’t allowed.
You could check if the player has the neutral property set when the event is fired to to the server. The client can change the neutral property but it won’t appear on the server. If they fire the event and the neutral property is false that means they are already on a team and you can ignore the request.
Remote keys shouldn’t replace a proper server security. If your LocalScript knows them, the exploiter will too.
It depends on when you want the players to be able or unable to change teams. What’s the plan?
i get what your trying to do but i doubt that remote keys will actually work
this is how exploiting actually works
people find solutions to your game and share it with everyone
the people looking for solutions to your game likely is able to look at your password because its client side code (these are likely the people your dealing with)
the script kidos who is shared with this information likely does not have access to the tools nor the experience to read your client side code (these are likely the majority of exploiters)
oops
what i said doesnt provide much security at all
looking back at that i wonder what other crappy advice i gave 2 years ago