I’ve been looking at a lot of people’s DevForum topics, modules, source code, and other scripts, and I’ve noticed a few things.
Some DevForum topics relating to increasing performance say that you have clients handle a lot of things.
I’ve also seen in some source code for guns, the scripter coded it where when the player activated the gun, a LocalScript fired an event to every client for of them to create bullets, and the server didn’t get involved in this.
If this would help increase performance, I would like to do the same, but I don’t see how damage would be applied to characters hit by the bullets if the server isn’t involved.
Are effects, tweens, bullets, and a lot of other things supposed to be run on the client? And how would I handle them when the server needs to know about when they’re run on clients only?
I’m especially asking about what you run on the client, like tweens.
Also, on games like JailBreak where you point your gun and your character’s Motor6D are updated, doesn’t that require a lot of firing RemoteEvents from client to server to update the C0 or C1 based on the player’s mouse position?
There are standard replication rules to consider, but basically anything the client can’t do needs to be done on the server. This includes humanoid deaths. Cases where the client should control what happens is usually only restricted to visual effects and HumanoidStateType | Roblox Creator Documentation. Everything else, such as detecting bullet collisions with raycasting, killing the humanoid, or handling game logic should be handled by the server. Remember this. NEVER TRUST THE CLIENT. This means that you cannot rely on the client to handle game logic because everything on the client can be changed by that client. In other words, exploiters can take advantage of anything on their machine. If your game is set up so that the client handles game logic then they can change that game logic to become gods. Only visual effects should be handled by the client. That way, in a shooter game, they can delete the bullet instances or keep them from being created but they can’t stop themselves from taking damage.
I do not recommend running many things on clients, especially bullets. If you have a local script that controls bullets then an exploiter can literally delete it and become god. (the only things I recommend running on the client is visual effects and whatnot)
The client should only be used for visual effects. The FastCast gun module is a good example where the server handles the hit and the client handles are projectile effects.