So I have a script that gives a player a special item that when their character is added if they have the correct Player UserId and Player Name. I’ve heard in the past, that there were exploits that allowed exploiters to change these values to whatever they wanted. I am just wondering if this exploit is still possible and if so, is there a different method to checking a player’s identity when they join?
AFAIK for the UserId the only way for it to be “changed” is If you let the client control what it sends to the server. The exploiter cannot change it server side without a security issue on remotes. Same goes for the name. I could be wrong though.
If they can it will be through a LocalScript, so it won’t replicate. It’s not possible for regular game scripts to change this, as it is read-only.