So these days im learning movement systems and i came accross a video about security so now i know that doing everything with local script is not the most secure way to make a game.
So how are you supposed to handle them? most of the tutorials put their movements scripts just in starter player, so should i follow them? or is it best to just handle animation and inputs on client then add the actual velocity/Position/things needed in the server with a remote event?
Im not really good with security since most of the stuff i made are purely just to challenge myself to code so im not that good at making secure systems. Thanks for the help!
to start off you should first gather anything that could potentially be exploited (ex. gaining money when touching a part) and handle the authority on the server (however if it’s ui, etc,… handle the ui on the client and handle permissions on the server)
anything that can’t / isn’t worth exploiting should be handled on the client, or whatever you choose to handle it on
In my experience with my own games, security is mostly handled by Roblox now. Hackers still attack my games but incidences are rarer. It shouldn’t stress you out when you first start making the game unless you’re doing a massive game with many team members and an economy.
You should still use proper techniques when coding server/client though, it will save your game from being an easy target for exploiters. I would suggest to look up tutorials on how to do serverside checks. Your main focus should be setting up remotes that exploiters cannot fake to gain an advantage (basically don’t inputs for remote events/functions).
ServerSide movement systems are horrible. All inputs take time to move your character depending on ping. How can you do cool movements when your ping constantly gets in the way?
Use ClientSide for movement systems. Velocity/Position/Animations/etc all get modified by LocalScripts per frame. It doesn’t matter anyway that the movement system is on the client. Hackers can just upgrade their movement system to noclip and fly, which beats any regular player’s.
Think about who are you are making the game for. You are making the game for the 99% of players who won’t be hacking your game. Focus on making fun content for the game. If you’re worried about the 1%, you can always do simple things like a votekick, reporting system, or moderation system.