I want to add password to my remote event to protect it from exploiters.
However, if I get player’s password from remote function, exploiters can use that to bypass the password, make the password sytem useless
This is my code:
local passwords = {}
-- Random password
local function randomPassword(NumOfChars)
local characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
local randomString = ""
for i = 1, NumOfChars do
local randomIndex = math.random(1, string.len(characters))
randomString = randomString .. string.sub(characters, randomIndex, randomIndex)
end
return randomString
end
--...
-- event need to add password
game.ReplicatedStorage.UpdatePlayerData.OnServerEvent:Connect(function(plr, password, data1, id, questName)
if not checkPassword(password, plr.UserId) then return end
if not id then
data[plr.UserId] = data1
checkXp(data[plr.UserId])
else
saveData(nil, id, data1)
end
if questName and type(questName) == "string" then
quests[plr.UserId]:checker()
end
end)
It’s impossible to guarantee security for any part of the client. You can try to obscure your password but what I suggest is that you set up your remotes in a way that they don’t need passwords to be secure.
That’s not the way tho. As everyone else stated in the thread, exploiters can simply spy on remotes. You should instead focus on strengthening your server validations and doing sanity checks. Never handle crucial behavior on the client.