Is the player under players client or server sided?

As the title says, the player himself under the players is it client sided or server sided?
I’m asking this for security reasons, I know that i shouldn’t give control to anything client sided to avoid exploiters, so I’m asking is it safe from exploiters to insert something under the player?
I researched this and found conflicting results. For example in my game players can own land plots, so is it safe to save the owned plot under game.Players.player? or can the exploiter modify his own player?

1 Like

my opinion is client side. also players changes the game maps wont affect to other players

With all due respect I’m looking for a definitive answer and not an opinion. The game’s security is at stake and I can’t rely on opinions when it come to that matter

let me tell you, create anti-exploits,

when you insert a value inside the player, YES they can change it, but

  1. The server will look: (Internaly, this player has 50 coins, but he changed (locally) to 150,

so 150 is only visual, the real thing is 50, this will not affect nothing, actually,

  1. when you send data to the server ( can i place this block if i have 150 coins?)

  2. since the player had 50 coins ( server, internaly)

the 150 that the client gave to himself will not work
only 50 will be passed because the server must verify the amount passed

if the amount of coins ( internaly) is highter than 150, then spawn a building or something, else, just return doing nothing

also if you are worried about exploiters destroying everything and etc
changes will not replicate to others, only the exploiter will be able to see what he destroyed

From what I understand any checks that must be made (for example if he has the enough coins to place a block) must be done on the server because in your example the local script will say that he has 150 coins (which isn’t true) while the server will say that he has 50 coins which isn’t enough, right?

Almost everything created or modified on the server is server sided. Players only can replicate unanchored parts CFrames that they have network ownership and humanoids states that belong to their character.
In your case, its safe to save plot under Game.Players.player, just make sure to get all the data necessary from the server.

Yeah that’s safe if you’re doing it from the server. I’m not sure why you would though, generally most data is kept in tables, such as in a ModuleScript you created for handling that data.

what i’m trying to explain is, they can change the value in locally,

game.Players.Player.Folder.Coins.Value = 2041021024

while on the server side, the amount of true coins is 50

a good way to kill exploiters is, Firing the remote event, and sending two values, the
[Block that will be placed] and [Amount of coins that the player sent ( from their local client)

if , in the server, is noticed that the player removed the second value [amount of coins and etc]

Then the server will ban him, since no ‘‘normal-players’’ can delete the value from scripts, and this only could be done exploiting

the hacker will be on an edge, he will not be able anymore to

  1. change values, since changing will send to the server that he has more coins than (internaly-datastore coins)

this will trigger the anti exploit and will ban

  1. he will not be able to delete variables that will be sent, because if he deletes

[item that will be sent] or [amount of coins variable]

the server will trigger again the anti exploit and will ban

this is 100% accurate since no LEGIT players can delete or change stuff, i can confirm that this is really safe

now, if you pocess something in your game that, for example, a part that gives coins
and others players can interact with it

then, do not give locally any coins, as others players may get caught by the anti exploit, since all true coins is (internally safe)

To solve this, only send a remote event ( player who clicked)

since the server can handle everything, depending on which part he touched, he will offer the amount of coins ex( 50, 100, 125)