I have a local script that does a bunch of camera tweening and gui effects.
It is basically trying to recreate the feeling of a video, instead done with camera tweening and guis.
This script should ONLY do stuff when people in the control booth click a play button, and should play for everyone in the server.
my thoughts are to have the script in starterGui or somewhere else appropriate, and get it to play using a server > all client remote event.
but then I remembered that a hacker can easily fire the remote event, as many times as they want, and then the video will play when it isn’t meant to.
Are there other alternatives to using remote events for this purpose (server to all clients), or is there some way that I can make it so that the remote event will not fire unless it is coming from the control booth screen?
note: the script for the video HAS to be a local script because it involves camera manipulation and gui related stuff.
It sounds like you’re describing a RemoteEvent from a client triggering all other clients, which isn’t something that RemoteEvents can do. It would have to be Client → Server → All Clients. One client tells the server something, and the server fires the event for everyone. That’s where your security comes in. Let’s imagine a “bad” client trying to trigger the video from outside the booth.
Insecure method:
Bad Client: “Server, tell everyone to watch this.”
Server: (sends RemoteEvent to all clients) “Okay! Everyone, watch this!”
Bad Client:
Secure method:
Bad Client: “Server, tell everyone to watch this.”
Server: (checks client’s location server-side) “Hold on a sec, you aren’t in the control booth. No can do.”
You can make the server do any checks you like, but as long as your security is server-side, exploiters can’t touch it.
there is a screen in the control booth with a play button.
It is connected to a server script to do colour changes and to detect when the button is clicked.
I want the play button to trigger an event in all clients.
Exploiters can only mess with their own LocalScripts. LocalScripts on other clients are “safe”, as are server scripts. So an exploiter can watch the video all they want, but unless they run it past the server, they can’t affect anyone else.
I’m pretty sure it won’t do anything except for them. Read more about Game security, Exploiters can only play around with their own LocalScripts, They will never be able to do anything on a server unless there is an unprotected remote event which they are able to fire to.
The client cannot fire remote events to other clients, only the server, and the client cannot manipulate the server into firing a remote event unless it is built into your code.
In that case, it seems like it’s client → server → all other clients. If you don’t want the client to be able to make the server fire an event to all the other clients, then don’t have that first link, a remote event that the client fires, the server receives, and then the server fires to all the other clients.
No, :FireClient and :FireAllClients can only be called from the server.
Sorry everyone thinks its client > server > client.
It is Server > client. The button is on a SurfaceGui in workspace, not on every players screen etc.
should have clarified.
The client has to tell the server they clicked their mouse on the button… anything that needs input from the player’s device cannot be server-sided.
Not looking to spoof anything looking for tracks/footprints?
What I’m asking is, is there a way to tell who set off the remote no matter what they did to do it?
