Now I believe we’ve all heard of the golden rule “Never trust the client”.
I’m currently recreating a popular mobile game in Roblox completely client-sided. I’ve tried to develop it on the server, however the lag makes it absolutely unplayable as the game requires a lot of precision and any form of latency just completely ruins the experience for the player. Now here comes the problem, exploiters.
Now since the game is completely client-sided, my friend was able to steal my whole game using exploits (with my permission) and recreate it completely in his own Roblox Studio Place. Now obviously, this is a pretty big problem as I don’t want exploiters to be able to steal my whole game and claim it as theirs.
Another problem that I’m having is saving data. For example, a player gets a new high score and I want to save it. However, since the points are being tracked on the client-side an exploiter could easily hijack the remote and change the value of the highscore that they got and place themselves #1 on the leaderboard.
I’ve put a basic security system in place, where the server generates a random key for each player and the client has to decrypt it and send it back to the server, and if it’s wrong then the player is automatically banned. I do realize that in the grand scheme this does pretty much nothing, however it is better than nothing and will stop basic exploiters from doing anything damaging to my game.
I’d like your feedback on how I can iterate and improve my game security wise, however, I do realize that I’m probably at a lost cause here and that I’ll probably have to figure out a way to make the game somewhat server sided.
First of all, your “friend” should not be your friend if they steal your game. Second, try setting up remotes. To reduce lag, try not to have excessive unanchored parts.
There are sites like rbxtool or something that allow you to steal all the maps you want. You should create a script that recognizes if there are a few more scripts (like if you have 5 scripts and the game detects more, kick or ban). I hope I understand what you meant.
There is no absolute way to make a game that’s completely client-sided. No matter how strong your security is, it’s never gonna work without server-sided scripts.
Right, but do you have any idea as to how I could implement server scripts into my game without causing a lot of latency?
You can check out the game, link is in the post. I think that should give you a better idea as to how big of a problem latency can be for a game like this.
This depends on how good CPU/Network is on the client.
Because, imagine a game with literally no physics, the CPU and network will prioritize their work on network and taking inputs. So don’t try to add too much physics in the game. That’s the best advice I could remember.
You can “exploit” your own game by using the client command bar in studio, exploiting for testing your game’s security is pointless and not needed.
A 100% client trusting game is not good game design, unless the experience doesn’t influence other players.
You should make a hybrid instead: server sanity checks.
Your ping and latency also depend based off the server region, which is something you can’t change (the first player to join sets the server region to their own, to establish a good connection).
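The "server sanity checks" hybrid suggested in the thread, sketched for the high-score case, as an added example that is not code from any poster: gameplay stays on the client, but the server times each run itself and rejects scores that could not have been earned in that time. The remote names `StartRun` and `SubmitScore`, the constants and the helper `isPlausible` are hypothetical and must be tuned to the game.

```lua
-- Server Script (e.g. in ServerScriptService). All names below are hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local MAX_POINTS_PER_SECOND = 5 -- assumption: fastest legitimate scoring rate
local MIN_RUN_SECONDS = 1       -- assumption: shortest run that can score

local function makeRemote(name)
	local remote = Instance.new("RemoteEvent")
	remote.Name = name
	remote.Parent = ReplicatedStorage
	return remote
end
local startRun = makeRemote("StartRun")
local submitScore = makeRemote("SubmitScore")

local runStartedAt = {} -- [Player] = server clock when the run began
local bestScore = {}    -- [Player] = best accepted score this session

-- The client only supplies `score`; `elapsed` is measured by the server.
local function isPlausible(score, elapsed)
	if typeof(score) ~= "number" then return false end
	-- Rejects NaN, infinities, negatives and fractional values.
	if score ~= score or score < 0 or score % 1 ~= 0 then return false end
	if elapsed < MIN_RUN_SECONDS then return false end
	return score <= elapsed * MAX_POINTS_PER_SECOND
end

startRun.OnServerEvent:Connect(function(player)
	runStartedAt[player] = os.clock()
end)

submitScore.OnServerEvent:Connect(function(player, score)
	local startedAt = runStartedAt[player]
	runStartedAt[player] = nil -- one submission per run, no replays
	if not startedAt then return end
	if not isPlausible(score, os.clock() - startedAt) then
		warn(("Rejected score from %s: %s"):format(player.Name, tostring(score)))
		return
	end
	if score > (bestScore[player] or 0) then
		bestScore[player] = score -- persist to the leaderboard store here
	end
end)

Players.PlayerRemoving:Connect(function(player)
	runStartedAt[player] = nil
	bestScore[player] = nil
end)
```

The two remotes fire only at the start and end of a run, so the precision-sensitive gameplay never waits on the server. The check bounds what a forged submission can claim; it does not prove the score was earned.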