Theirs isn’t many things that you can’t do on the server that you can do from the client. The only time I’m required to use the client is if it dealing with UI’s. Which isn’t a important and valuable things for exploiters. I don’t use the server for GUI-related stuff.
The server has GUI mouse click functions already in it, especially if purchasing something using a currency. The PROS to this is the fact that it is already on the server so theirs no need for a server check.
If you’re using UI’s for purposes such as -
Toggling a Frame[opening/closing], etc…
You obviously dont need remotes.
However, if you’re using UI’s for these purposes -
Buying Items, Redeeming Codes, Inventory, you should always use remotes.
Ok so what’s diffrent from using playeradded and what you’re trying to do…?
Honestly that isn’t a bad substitute hmm
ok my question is can hackers see the server scripts
Yes, They can, But they cannot do ANYTHING to ruin other’s gameplay, Only their own.
Ofc, whenever it based on visual things that would be the only times I use the client. Other than that if it dealing with making a purchase, changing spells, etc I would just use a server script instead of firing from the client. Since it a much safer option and what I would do is just fire from the server to client.
Exploiters can’t compile server scripts.
There are a very significant amount of things which you can only do on the client and vice versa. Take a look at the Roblox API reference and look at services such as “UserInputService” or “ContextActionService”.
This is strictly for click detectors and proximity prompts. You cannot detect ANY of the UI signals from the server, such as “MouseButton1Click”
You don’t have to believe me, but I encourage you to try to do client stuff with a server script and observe the limitations yourself. You will find very quickly that you will need a local script.
This is false. Clients cannot see server scripts because they are not on the client. They can be seen as they are replicated, but they will not execute.
you are obsessed with trying your best to stop exploiters while making gameplay way less smooth.
do not curbstomp your players, as long as you keep that in mind.
at some point you’ll 100% use localscripts and then nothing will matter cause they still got code…
They can only see them, but can’t see the script itself[ the code inside].
They can if they are in PlayerGui, I’m pretty sure
EDIT: confirmed it
Even if a server-sided script [which is not local] is in workspace, they can see it. But can not edit it or see the code inside.
No, I’m not obsessed with stopping exploiters. I just don’t see the point of why not using a server script for majority of the game to worry less about those issues. Ofc, I use local scripts but only for visual things and client inputs like mouse.
Can you explain why you need specifically the local player? I believe it’s impossible for exploiters to spoof the first argument sent with :FireServer (aka the localplayer argument), since the server probably just checks the IP and fills it in automatically. AFAIK, there hasn’t ever been an occurrence of exploiters faking who they are with remotes.
You and @Valkyrop are correct, I confused it with the behavior of non-replicated services like ServerScriptService.
It is worth noting though that it’s basically useless because it will not run on the client even though it is present, as it is a server script.
Thats why you’ll need to do sanity checks, to protect your remotes. Having many remotes doesnt necessarily mean it’s bad or exploitable. Everything is exploitable in the game, so? would we stop making games? Just do some secure sanity checks and you’re good.
This topic is so cursed.
Server scripts don’t run when parented outside of ServerScriptService or Workspace and in workspace they do not get sent to the client.
If they are anywhere else they will not run and will not be sent to the client.
The reason exploiters can’t see server scripts is because they are never sent to them not because they ‘can’t compile them’.
Any client sided events such as UIS.InputBegan or UI events do not replicate to the server and are inusable.
? The way to prevent exploiters from messing with remotes is doing sanity checks. not parenting a server script to a place where it can’t be run
I’m not talking about the first argument, I’m talking about the overall arguments that are fired to the server. Also the reason for this post isn’t that I need the local player, it that I could just access the “LocalPlayer” from the server if it placed in StarterGui. Whenever I needa refer to the client, their aren’t any risks from server to client.
They run in startergui, test it…