So Right now I want to create a Shop with Gui, and I want to use Modules to Help store the Data, But the Problem here is that I dont want the Module to be shared with the Client, I get that would make it more difficult but I rather have it where they dont know all the Data, Even if it will all be seen with the Values,
But, Now I have the Issue on How to Handle it, I know how to set up this kind of System, but I’m not sure what to do it with, I’m concerned if that It would use would cause a vulnerability with my game or not, Which in this case would be with the usages of RemoteEvents or RemoteFunctions.
And a Couple of Questions:
Handle this on the Server or Client?
Should I be using a RemoteEvent or a RemoteFunction?
Would It already be Secure or do I make sure it is Secure?
so I dont know If I need to do much with Securing it.
You could fire a remote function when the player opens the shop to retrieve the store data that you want the client to receive, and when they buy something fire a remote event that then does all the checking, aka prices and all.
Personally, I would handle everything on the server (except for the gui obviously), and use RemoteFunctions for it, simply so it is a lot easier to show what the result is (i.e. purchased, not enough money, failed, etc.)
Making it on the server, including the module (being executed by the server script), would be secure enough, but there could probably be wayyy more security put into it.
And this as well.
But I wouldn’t use a RemoteEvent for this. A RemoteFunction would be better.
Why exactly do you not want a shop module to be seen? Sending items every time they scroll a page is much less efficient (requires the server to send data over every time, when you could have the server not even send any data at all). The server should really only be involved for things it needs to be, such as purchasing, using and equipping (and possibly opening and closing, in case it’s important the shop isn’t opened anywhere by exploiters).
If it’s necessary though, you could create a limited form of the ModuleScript with less data (e.g. only the name, description, and price), thereby keeping everything on the client but not constantly nagging the server for simple data.
There really aren’t any security risks associated with sending shop items that I can think of, new items would be discovered naturally anyway (and exploiters could just read the entire table the second you sent it over)
This is basically creating a mock ModuleScript, as if you send over a table of data once then it’s in no way different to one, except that it’s stored only in that one script (which doesn’t really mean anything except it’s less portable).
The way I would reccomend to do it is setup the shop serverside. Then interpret it locally. I set mine up with a value that is checked on the server when the item is purchased so it’s unexploitable.
I actually have it setup so where there is a shopmodule. When the Shoptype is changed it rerolls the shop based on the item type. This is done serverside. The items when purchased delete the value on the server side and the item slot is transferred to the players inventory. It’s really neat but exploitable if you can just run between two shops. You must implement debounce clientside and perhaps serverside.
Your sense of worry is misplaced because these things are already being replicated to the client to be viewed or are stored in the memory anyway. So hiding them arbitrarily is very inefficient resource wise. You should store these item/gui elements in the replicatedstorage that way you can generate viewport frames of your items at least.
But if you had to then you would make a table of the things you want or check them on a per data point basis from by the server to put them to where they could be accessed by the client.