While these features are great! I am glad you are putting them in. These address the symptoms not the source. I am eagerly looking forwards to updates to the toolbox to reduce the vast amount frankly garbage in there. As a Roblox educator, kids are very eager to grab whatever looks cool, potentially ruining their games.
This is amazing! while I do not get things from the toolbox anymore, this will help newer devs be able to put a little bit of toolbox assets in their game without asking the players to buy a couch every 30 seconds, or teleport to a different game when you join!
This would definitely help remove a pretty decent amount of model viruses with the click of a button!
@RoxyBloxyy Quick question:
Are these settings enabled by default? I can see many new devs who may use Free-Models not knowing about this and ruining their work as a result.
EDIT: Nevermind, didn’t correctly read the release information!
Yes, instead of ensuring your game has no malicious code, you can ensure the malicious code can’t… show purchase prompts or teleport your players!
Amazing!
This is one punch in the face for malicious models!
Anyways, I think it’s a little too extreme to either allow purchases created by someone else or not. I feel like there should be a white-list system that allows us to pass any exceptions so any purchases/teleports made by the specified users/groups are allowed even with the options disabled.
Hmm, this game’s literally living on the edge.
What about this game specifically? You only said less than and greater than (no “equal to” in there), so where does this game fall (not like it matters, but still).
Edit: IK this is a game ID, and we’re talking about universe IDs, but it’s kind of cool to think that there is one universe that is the border between the two options!
Nonetheless, thank you very much to anyone and everyone who worked on this!
Keep it up, Roblox!
While this is amazing, why the specific universe id?
I’m assuming what Roblox have done here is they were scraping universe IDs and quickly grabbed one that was JUST created when setting the FFlag for the feature.
Either way, I cant think of many games that use corss-universe teleporting.
Props to Roblox to actually trying to fix the problem. It’s not a 100% solution to issues with malicious plugins/models, like say botting a plugin to make it seem like a good plugin when in fact it adds a backdoor to your game so paying clients are able to run code directly through the game without injecting code. (Then again it’s pretty hard to prevent something like that)
But Hey, Making it harder to do malicious actions is good in cases like these where it decreases the likelihood someone would try to do this to Inflate game numbers or sales of a say a shirt.
Aha! One less attack vector in games and less novice developers confused as to why unintended actions are occurring in their game. These are great features that should have been introduced long ago, but that doesn’t matter - point is they’re here, and that’s all that matters. Cheers!
Thankfully I almost never encounter an instance where I need any of these permissions, so I’m even happier that these will automatically be disabled for newer places.
still wish i could disable client-side teleports though
Perfect update, now teleport will be hard for them. Other than I want Private Modules to have an Option like that .
Can I just say this is possibly the best update on the Game Security? This will help out LOTS and LOTS of developers and have some safe understanding on there game now! Thank you guys very much!
Sooo… I’m seeing by reading some of the replies that this is going to help eliminate toolbox viruses. Seems awesome! It looks like both properties are disabled by default, which essentially deletes almost all worries of toolbox items saying “Do you want to take Sedan for Free?” or whatever upon joining games that use free assets.
Something I didn’t fully understand, however. Third-party teleportation prompts do not mean those sent by the game itself, such as teleporting to a hub world, right?
It says that it goes by universeid’s not gameid’s. But I would assume a greater universeid if than specified would not be enabled.
yeah this update is quite great and all, but i have 2 things to say about it:
1.this should have been a feature years ago(when it was released or some time around there)
2.for those wondering, no it wont exterminate all backdoors, it will stop like 30% of them, which i guess is a great start.
Remember UniverseIDs and regular game IDs aren’t the same! You can find your UniverseID by opening the Configure Game page.
Just to clear up confusion, I created a new universe / game named “The Edge of Security” today before we launched (around 5:16PM) …
Its starting place is The Edge of Security - Roblox
It is set to private as it is just intended to be the point between enabled and disabled. So you can think of it like all places before are default enabled, and all after are default disabled. For the most part, that will be true, unless a place before it is added to a universe created after it. This is a universe (game-wide) setting not a place setting.
Now give us a feature to block require( id ) from non group or non profile accounts.
That’ll solve this huge backdoor issue that’s starting to arise with people getting smarter to sneak 'require id’s.
You guys disabled the feature to require( id ) from models that are not uncopylocked, but you leave it completely open for models that are? I don’t get the point if this feature was pulled from copylocked models but not uncopylocked ones? That just lets them continue using require maliciously while destroying another kind of marketplace that required or relied on hiding behind being copylocked.
I’ve been seeing multiple models that are being uploaded where they make a ’
require chain’, this module requires, this module requires, this module requires, this module requires…
Maybe provide whitelist or an option to block require( id ) on non group/profile models?
Edit: By what I mean for some services that relied on being private, what is the best 100% way of making sure a player is in a game in a http server? There is no way. There’s no way for even a developer with team create access to see the names of players in the server on the Roblox website.
yeah im suprised they havent added that yet, considering require is how backdoors even get into your game
This is a very good update but there are some backdoors that do more than just prompting a Marketplace message so by disabling these prompts that will make the backdoors essentially silently. So in that case the best option could do an output warn or print with information about it.