I'm trying to figure out how to secure an avatareditor RemoteEvent

Help and Feedback Scripting Support
,
#1

You can write your topic however you want, but you need to answer these questions:

  1. What do you want to achieve? Keep it simple and clear!
    I want to make a custom avatar editor mostly unable to be exploited
  2. What is the issue? Include screenshots / videos if possible!
    I use an remote event when you finish editing your character, so when you click done, it fires a remote event to the server that contains what you selected for each part of your character, and the server will datastore it and spawn your character.
  3. What solutions have you tried so far? Did you look for solutions on the Developer Hub?
    I haven’t been able to find anything, and none of the ideas I’ve come up with will work.

Is there a way to check what the client sees with a serverscript like if a player has a gui enabled? or any other method of sending data to the server/securing said data.

#2

well, theres not really much they can exploit in this situation, all they could do is what there able to do with out the exploit,

when you fire a remote event (client to server) the first variable will be the player that fired it, exploiters cnt change this so if your using that, then all they could do is change there own character.

edit: one thing you could do is create a debounce on the server for everytime you fire it, that way they can only fire it every so often as to not overload datastore service

1 Like
#3

Oh, they can’t change the first variable? No one ever told me that, Thanks!