Is there a situation where I would ever need to use ReplicatedStorage more than ServerStorage or vice versa?

I heard Server Storage is better to use compared to Replicated Storage because hackers can remove objects from RS. But I’m wondering what the uses of both are, what makes one better than the other, and if I would ever be in a situation where one might be better than the other.

Exploiters can remove objects from ReplicatedStorage but only on their client (not for other players) since FilteringEnabled was introduced ~2014.

Objects in ServerStorage don’t replicate to clients, so use this as a place to store items that the clients don’t need to download either entirely or at the moment. ServerStorage is also where modules that have sensitive information, such as API keys, can be stored without clients being able to read them.

ReplicatedStorage should contain any code or instances that clients need readily-available at all times to play your experience.

3 Likes

In ServerStorage you want to store important stuff such as data-related items (to give the players once they join, etc.), and anything else valuable that the client shouldn’t have access to.

In ReplicatedStorage you mainly want to put remotes and stuff that you want both the server and client to have access to. Now, even though exploiters can mess around with remotes, there are multiple ways to reduce / minimize the damage they could do, and since most of the exploiters are not that ‘scary’ or ‘professional’, no need to worry too much, just make sure you do the basic sanity checks etc.

3 Likes

You should store API keys in the Secrets Store:

2 Likes

I haven’t used API keys yet, but this looks really useful, thanks.

Alright thanks, but how do I do sanity checks?

Keep in mind that the clients can tell anything they want to the server; you should verify it on the server instead of the client.

Bad Remote Example:

```lua
-- Local Script

script.Parent.Activated:Connect(function()
	-- The balance is checked only here, on the client
	if game.Players.LocalPlayer.leaderstats.Coins.Value >= 100 then
		game.ReplicatedStorage.BuyItem:FireServer(script.Parent.Name)
	end
end)
```

```lua
-- ServerScript

game.ReplicatedStorage.BuyItem.OnServerEvent:Connect(function(player, itemName)
	-- No balance check on the server: it trusts whatever the client decided
	player.leaderstats.Coins.Value -= 100
	-- Give the item to the player
end)
```

The client can just make their coins value infinite, and since we check their money locally, they can tell the server that they have enough money.

Good remote example:

```lua
-- Local Script

script.Parent.Activated:Connect(function()
	game.ReplicatedStorage.BuyItem:FireServer(script.Parent.Name) -- We tell the server that we want to buy this item
end)
```

```lua
-- ServerScript

game.ReplicatedStorage.BuyItem.OnServerEvent:Connect(function(player, itemName)
	if player.leaderstats.Coins.Value >= 100 then
		player.leaderstats.Coins.Value -= 100
		-- Give the item to the player
	end
end)
```

In this example, the client tells the server that they want to buy an item. But now, instead of checking the user’s money on the client, we check it on the server, so the exploiter has no way to change their coins value to give themselves infinite items.

2 Likes
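A fuller set of server-side sanity checks for the BuyItem remote from the answer above, as an added example that is not part of the original thread. It assumes a hypothetical `ServerStorage.ShopItems` folder of Tool templates, each with a numeric `Price` attribute, and a cooldown value chosen for illustration.

```lua
-- Server Script (added example). ShopItems, Price and COOLDOWN are assumptions.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local ServerStorage = game:GetService("ServerStorage")

local buyItem = ReplicatedStorage:WaitForChild("BuyItem") -- RemoteEvent from the thread
-- The catalogue lives in ServerStorage, so clients can neither read nor alter it.
local shopItems = ServerStorage:WaitForChild("ShopItems")

local COOLDOWN = 0.5 -- seconds between accepted purchases per player
local lastPurchase = {} -- [Player] = os.clock() of the last accepted purchase

local function handlePurchase(player, itemName)
	-- 1. Type and size check: the client can send any value, or none at all.
	if typeof(itemName) ~= "string" or #itemName > 50 then
		return
	end

	-- 2. Rate limit: ignore remote spam.
	local now = os.clock()
	if lastPurchase[player] and now - lastPurchase[player] < COOLDOWN then
		return
	end

	-- 3. Allow-list: the item and its price come from the server-only catalogue,
	--    never from the arguments of the remote call.
	local template = shopItems:FindFirstChild(itemName)
	local price = template and template:GetAttribute("Price")
	if typeof(price) ~= "number" or price < 0 then
		return
	end

	-- 4. Authoritative state: the server's copy of Coins is the one that counts.
	local stats = player:FindFirstChild("leaderstats")
	local coins = stats and stats:FindFirstChild("Coins")
	local backpack = player:FindFirstChildOfClass("Backpack")
	if not coins or not backpack or coins.Value < price then
		return
	end

	lastPurchase[player] = now
	coins.Value -= price
	template:Clone().Parent = backpack
end

buyItem.OnServerEvent:Connect(handlePurchase)
Players.PlayerRemoving:Connect(function(player)
	lastPurchase[player] = nil -- do not keep entries for players who left
end)
```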
