Is Placing Scripts in the Client Bad Practice?

Recently, I’ve learned that it is possible to place scripts inside the PlayerGui. I have questions about doing this however.

  • Can exploiters modify these scripts?
  • Does this leave my game vulnerable to exploits?
  • Is it better and safer to use remote events instead?

Yes very bad practice :angry: :angry: :angry: :angry: :angry: :angry: :angry:

1 Like

Hello Phazenine!

Exploiters can not modify server code whatsoever, or remove server scripts so they stop running. But you should, for organization reasons, keep your scripts in ServerScriptService. As long as a ServerScript is in a runtime environment, the client can not tamper with it and it will run.

There are a couple things to know about how Exploiters work & can view certain things

  • They’re capable of accessing anything client-sided (ReplicatedStorage, Lighting, workspace, ReplicatedFirst, PlayerGui/PlayerScripts)

  • They are unable to see anything server-sided (ServerScriptService, ServerStorage)

Now to answer your main question: Yes

You shouldn’t heavily rely on the client to handle the majority of LocalScripts, they can manipulate the scripts & change them at their own will

However, as long as you implement enough sanity checks on the server then you should be fine?

(I believe don’t quote me on that)

Although its a lot easier to just use local scripts than confusing with remotes I would suggest doing so since if there are exploiters they can mess your game up real bad if its mainly programmed on the client.

Stuff like money, power ups and tools should mainly be sorted and handled on the client to avoid them being taken advantage of. Local scripts are fine for programming interactive gui since there’s not a lot an exploiter can do changing TweenPosition etc.