I’ve been reading about securing remote events and the key point which pops up again and again is "never trust the client. Always validate."
For the majority of my games I’ve been applying this logic, alongside a ‘password system’. For my newer projects I’ve stopped using a ‘password’ verification system as I understand now that they can always be overcome, take time to make and can disrupt code.
Here’s the thing:
If you are making a ‘command bar’ for an admin commands script, where the client submits commands, for example through a GUI, how do you go about verifying the player is the correct player executing the commands?
In the past, I’ve always used the ‘password’ system to protect against this, but now I want a more reliable way to verify the player executing the command is the correct player. For example, an exploiter could fire to one of the remote events requesting to ‘kill all’, using a player who has the permission to execute that command as their first argument.
Any thoughts?
Thanks.
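
One way to do the server-side check for the command bar scenario above, as an added example that is not part of the original post. It relies on Roblox supplying the firing player to `OnServerEvent` as the first parameter; the RemoteEvent name `AdminCommand`, the `ADMINS` table with its placeholder UserId, and the `killall` command are assumptions.

```lua
-- Server Script (for example in ServerScriptService). Added example; names are assumptions.
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local Players = game:GetService("Players")

-- Hypothetical RemoteEvent that the command bar GUI fires with one string argument.
local adminCommand = ReplicatedStorage:WaitForChild("AdminCommand")

-- Constructed allowlist keyed by UserId (placeholder value), stored only on the server.
local ADMINS = { [12345678] = true }

-- Commands the server is willing to run; anything not listed here is rejected.
local COMMANDS = {
	killall = function(caller)
		for _, plr in ipairs(Players:GetPlayers()) do
			local humanoid = plr.Character and plr.Character:FindFirstChildOfClass("Humanoid")
			if humanoid then
				humanoid.Health = 0
			end
		end
	end,
}

-- Decide whether this UserId may run this text. Returns a handler, or nil plus a reason.
local function authorize(userId, text)
	if not ADMINS[userId] then
		return nil, "not an admin"
	end
	if type(text) ~= "string" or #text > 100 then
		return nil, "bad input"
	end
	local name = string.lower(string.match(text, "^%s*(%a+)") or "")
	local handler = COMMANDS[name]
	if not handler then
		return nil, "unknown command"
	end
	return handler
end

-- `player` is filled in by the engine, not by the client; client-sent arguments start at `text`.
adminCommand.OnServerEvent:Connect(function(player, text)
	local handler, reason = authorize(player.UserId, text)
	if not handler then
		warn(("Rejected command from %s (%d): %s"):format(player.Name, player.UserId, reason))
		return
	end
	handler(player)
end)
```

The handler never reads a player identity from the client's arguments, so the permission check always applies to the account that actually fired the event.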