Please tell me how would I secure my remote events? I know I can’t rely on clients and I should put all checkments on server but I can not figure out what kind of checking I should do on the remote event to prevent exploits? the worse is now 85% of the exploit scripts are obfstructed which is not possible to figure out how they are doing it, how would I secure remote event? specially when I want to pass values to server so it change the leaderstats value I can’t think in any kind of checkments to prevent exploiters
It solely depends on what data is being transmitted. If the client is asking to buy an item, make sure they have the money required on the server aswell as the client.
Basically, treat remote events as a client asking to do something, and make sure you check that their action is allowed.
The client should only ever tell the server user input information (attack player y, buy item x), not what to do (kill player y, give item x).
1 Like
Does it work if I put some bool value and check its parent and .Parent.Parent and name etc so I make sure he is not using something that was made instance and in wrong place??
here example
Hi! instead of passing the values to server, you can “get” that values on the server script. Lets say you fire the remote event to server, server then checks what tool player has equipped(this example is for simulators). You can make module script in the Server Storage with “strenghts” of individual tools. Server gets the increase value by checking in that table and do the thing.
I hope this helps you! Good luck! 
1 Like
What exactly are you checking for? That could be correct, but I’m not sure exactly what you’re trying to do.
I have class controller which is firing event when it click button so you get the weapons so I am trying to avoid so player don’t get any gun he wants but with class he clicked
In the server script you can check if player is in that class, and if it is that you can countinue.
Wdym to check if player is in that class if I use string value and put the class name any exploiter can change the string value to anything
1 Like
The client should choose a class, which is than verified on the server. The server should always know data about the player like their class.
To verify they can have a weapon, check if the weapon they want exists & is in their class.
