Hello, I’m new to the developer forum as I was just promoted to New Member nearly 15 minutes ago. This topic will go over how to perform secure use of Remote Events; I will compare secure use to insecure use and explain why.
Secure Use:
Secure use of remote events has never been defined, so I will put forward how I define it.
Secure use of Remote Events is having the SERVER gather all of the information and put as little information through the Remote Event as possible, and any information that has to be sent through the remote is checked.
Example of Secure Use:
Player1 has recently picked up a new exploit and is messing around with your game. Player1 notices a remote inside of your Car Export system and tries to use it to exploit; however, Player1 is kicked from your game because you practice secure use, meaning when the Remote was fired:
Why is this considered secure use, you may ask? This is secure use because the player gave absolutely no information to the server and the server checked everything itself. Now, in large amounts this could be bad for lag; I understand that. A summary of secure use is DO NOT TRUST THE CLIENT.
Insecure Use:
Insecure use of remote events is where a developer trusts the client too much in the information it provides.
Example of an insecure event:
I saw this example a lot when Filtering Enabled was first enforced on all games, from developers who didn’t completely understand how Filtering Enabled worked and were doing it simply because they were being forced to. (I was one of these developers.) Developers like this would take their current local scripts that needed changing, keep all of the information checking in the client, and only have the server handle replication. An example of the server only doing the replication is:
```lua
-- Insecure: `car` and `cost` are supplied by the client and are never checked.
game.ReplicatedStorage.InsecureEvent.OnServerEvent:Connect(function(plr, car, cost)
	plr.Character.Car:Destroy()
	plr.Money = plr.Money + cost --sorry for this i really like doing it
end)
```
This is bad because an exploiter can do the following:
Advanced example of secure events:
provided by @chexburger
CONCLUSION: Trusting the client will be the end of your game so please, don’t do it.
Notes: This is my first topic on the developer forum. If there are any issues, feel free to let me know down below. I’m not an expert in this and I’d love to learn more about Filtering Enabled. I am simply sharing my knowledge with others, thank you. (Also, sorry for the inconsistent formatting; I have to go somewhere.)
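A server handler that follows the secure-use definition in the post, as an added example that is not part of the original post or from its author. The RemoteEvent name `ExportCar`, the `CarType` attribute, the `CAR_VALUES` prices, the cooldown and the `leaderstats.Money` IntValue are all assumptions made for illustration.

```lua
-- Server Script (added example; every name below is an assumption).
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local exportEvent = ReplicatedStorage:WaitForChild("ExportCar") -- assumed RemoteEvent

-- Prices exist only on the server; the client never sends a cost.
local CAR_VALUES = { Sedan = 500, Truck = 1200 } -- constructed sample values
local COOLDOWN = 2 -- seconds between accepted exports per player (assumed)
local lastExport = {} -- [Player] = os.clock() of the last accepted export

exportEvent.OnServerEvent:Connect(function(player, ...)
	-- `player` is filled in by the engine; anything after it is client-controlled.
	-- This remote takes no arguments, so extra values are treated as suspicious.
	if select("#", ...) > 0 then
		warn(player.Name .. " sent unexpected arguments to ExportCar")
		return
	end

	-- Rate limit so the remote cannot be fired in a tight loop.
	local now = os.clock()
	if lastExport[player] and now - lastExport[player] < COOLDOWN then
		return
	end

	-- The server gathers the information itself instead of being told.
	local character = player.Character
	local car = character and character:FindFirstChild("Car")
	local carType = car and car:GetAttribute("CarType") -- set by the server at spawn
	local value = carType and CAR_VALUES[carType]
	if not value then
		-- The post's example kicks here; this sketch only rejects and logs.
		warn(player.Name .. " fired ExportCar without a valid car")
		return
	end

	local stats = player:FindFirstChild("leaderstats")
	local money = stats and stats:FindFirstChild("Money")
	if not (money and money:IsA("IntValue")) then
		return
	end

	lastExport[player] = now
	car:Destroy()
	money.Value = money.Value + value
end)

Players.PlayerRemoving:Connect(function(player)
	lastExport[player] = nil -- avoid keeping entries for players who left
end)
```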