I have few critical client scripts that I need to be stored away from the players to see, as I know, ServerStorage isn’t accessible to the client, but I thought exploiters also are able to see client scripts, is it safe to store it in there? If not, what’s the best to?
Yes you can put them there, since the contents there are never accessible to clients, no matter what it is. Although, they won’t be able to run. If you have sensitive information in your localscripts outside of comments and local variable names you are doing something wrong. Move those into server scripts.
1 Like
You can put them in ServerStorage, but they won’t run.
Client-side scripts will never, ever be secure, and can and will always accessible to any exploiter that really wants to get into your game’s clientside. Even storing them in _G or using :Destroy() will still make them retrievable by exploiters.
Just focus on securing your RemoteEvents/Functions and server-sided sanity checking if you value your game’s integrity in terms of security.
Strong client-side security = stronger exploiters
Strong server-side security = weaker exploiters
1 Like