How to safely invoke the client

xFly_Flame1014 · March 28, 2022, 12:27pm

game.Loaded:Wait() might infinitely yield since it only fires one, if you don’t want it to infinitely you can use repeat RunService.Heartbeat:Wait() until game:IsLoaded()

commitblue · March 28, 2022, 1:06pm

What I meant that if I make a remotefunction and wait for the client to tell me that their loaded, they can easily make an infinite yield

xFly_Flame1014 · March 28, 2022, 2:00pm

Sorry for the misunderstanding lol

CodedJer · April 1, 2022, 8:04am

What Is this supposed to do, I do not understand due to the formatting.

commitblue · April 1, 2022, 8:27am

when you use remotefunctions to invoke the client, the exploiter can infinitely yield server, so this serverscript is basically a timeout thing.

commitblue · April 1, 2022, 9:00am

what is that ? Is the handshake system like the timeout thing?

RlGHTEOUS · April 1, 2022, 10:33am

No pcalls? The documentation for InvokeClient specifically mentions wrapping in a pcall to prevent errors

commitblue · April 1, 2022, 10:56am

I think task spawn already handled this for you

RlGHTEOUS · April 1, 2022, 11:03am

It won’t stop the current thread from continuing but it doesnt exactly catch the error either
(Nor is invoking the client ever truly safe)

commitblue · April 1, 2022, 11:04am

Then add a pcall I guess.

luvebrainz · April 1, 2022, 9:11pm

This post is inherently misleading, due to the fact that exploiters can still hook onto your OnClientEvent‘s using metamethods. There is no “safe” on the client, no matter how hard you try. You might slow down script kiddies and exploiters who have no knowledge on this, but any competent exploiter can still, very well, just spoof the data.

commitblue · April 1, 2022, 9:12pm

I would like to see you make a code that yields the server infinitely.

luvebrainz · April 1, 2022, 9:15pm

What? No one is able to do that without a server sided vulnerability?

I think you’re misunderstanding me. Im saying method you have provided doesn’t seem very practical or safe as a security measure as you claim it to be.

commitblue · April 1, 2022, 9:17pm

I have no idea what your saying. If my method is bad, why can’t you bypass it?

luvebrainz · April 1, 2022, 9:34pm

Reading through again, I did misinterpret your solution a little on my end, my apologies.

Though I will say the use case is fairly low for something like this and the claim of exploiters not being able to mess with it anymore is a bit of an overstatement.

BillB1ox · April 1, 2022, 9:45pm

If you didn’t want to cause damage to the server, couldn’t you use

pcall(function()

commitblue · April 1, 2022, 9:45pm

yes but they can still return wait and it will infinitely yield the server.

commitblue · April 6, 2022, 1:44pm

If you just use pcall, it will can be still be yielded infinitely by exploiter by simply return wait(9e9)

commitblue · April 6, 2022, 1:46pm

Like onclientonvokw and client returns the wait

DUCKONAROLL · April 6, 2022, 3:31pm

Still waiting on that formatting…