I seriously can't shake myself off of the belief that Value instances aren't safe

Negativize · January 27, 2019, 10:11pm

Please some confirm or deny this for me. Sorry if this is a dumb question
I’m having a very hard time believing instances such as NumberValues and IntValues are safe for use concerning FE. I feel so stupid and confused rn and I need someone to confirm it.

Let me give you an example:
A part named “Wall” in workspace. It has a NumberValue named “Health” with a value of 500. Is this ok??? I seriously feel stupid rn please help

Terrariabat · January 27, 2019, 10:13pm

If you are concerned about the safety of the Value then make something in ServerScriptService that ensures the value was not changed illegitimitely.

Other than that, Values are for the most part safe.

AbiZinho · January 27, 2019, 10:14pm

As far as I know, anything server sided is safe from potential exploiters. But surely there are more effective ways of initiating this.

Negativize · January 27, 2019, 10:14pm

Thank you.

SSSpencer413 · January 27, 2019, 10:16pm

Value instances are 100% safe as long as they are held on the server.

On the client, they can be edited locally so watch out for that.

Terrariabat · January 27, 2019, 10:17pm

I would generally advise avoiding values outside of scripts when possible though.

Noxielotl · January 28, 2019, 1:41am

If you have store Values in the Workspace or ReplicatedStorage, the client can access these and change them. These changes do not replicate to the server as FilteringEnabled is on.

You’ll most likely only be doing things with these Values server side so it’s fine if you place them in the Workspace or ReplicatedStorage.

An example of this would be in a game like Fortnite. Each structure (wall, floor, roof, etc) has a Health value associated with it stored inside the structure so that the client can access the Health Value and see get told much health the structure has. When the user damages the structure, all the damage / destruction code is done on the Server. So even if someone were to edit the Health value, the server would see the real value which hasn’t been altered by them.

waterrunner · January 28, 2019, 7:04am

Anything in workspace is at risk of an exploiter being able to access it(edit it in your case).

Dekkonot · January 28, 2019, 7:13am

That’s true but it won’t replicate to other clients or the server through FE so it should be fine.

railworks2 · January 28, 2019, 9:50am

If in doubt, don’t forget the first 3 rules of client/server.

Don’t trust the client
Do not trust the client
Never trust the client.

If it’s on the client, you should expect it to be tampered with in some way; and protect yourself that way.

Dev_Taiga · January 28, 2019, 12:16pm

Values are safe as long as you don’t read the data from a client script and try to push it through the server, example:

RemoteEvent:FireServer(Value)