I want to make my own robust dataStore system. It should save maybe once every 10 to 15 minutes in order to keep player data safe. One problem I have is exploiters. Remote functions are going to be used for saving, but if they send in someone else’s player object then they can back up that person’s saving. This can cause their data to be delayed by a significant portion. They can also send in things that the server can trust the client with, such as custom settings, and it would just be a major inconvenience to the other player.
I have been programming this and I just came across the thought. I haven’t actually had the issue yet, I just want to avoid it in the future.
I have almost implemented a way to stop a player from saving too frequently, but there are more problems caused by that.
Any help is greatly appreciated
TLDR: Datastore saving functions aren’t secure because remote function’s default “player” value can be changed by exloiters, How can i fix this?
I’m not sure if I really understand what your trying to do. You want to save players data every 10-15 minutes using remote functions. u don’t need remote functions
game.Players.PlayerAdded:Connect(function(player)
while wait(math.random(600, 900)) do
-- save data
end
end)
An autosave timer should be entirely server-sided, void of any responsibility given to the client. It’s wise to never trust the client with something critical let alone something that allows them to manipulate someone else’s data
If you have to use RemoteEvents to save, say a manual save button, the server already captures the Player object as the first parameter of the event. You can use that instead of needing them to also specify a player object as an additional parameter.