Is there a way to use a for loop with a database?

No, you can’t iterate through a DataStore. If you pull an array or table out of a DataStore you can iterate through that table, but overall you cannot iterate through every existing key of a DataStore.


@MallocByte While this is a viable solution, be mindful of DataStore limitations. Such a system like the one you proposed seems like it’ll waste valuable request limits quickly.

What’s even the use case here? Can’t you just save stuff under a player’s UserId and skip the username-password thing? I can see a lot of issues with something like this in the first place.

2 Likes

I did use a player’s userid to store, but I needed this way.
I’m not really that experienced in datastores, so it’s expected this is a mess-up. But I need it so if a player registers under the same name they can’t, and they can also log in but they need to be able to get in to other accounts to help another player with something on their account. There’s not really any issues.

Does this mean that the same Roblox user can make multiple accounts in VRBlox?

Yes, and they are able to log into those.

What exactly is the use case for this?

Storing passwords is something that should be done very carefully. I’d try to avoid it altogether if I was you.
If not done right, you are effectively exposing large amounts of highly sensitive data to anyone who has access to Roblox datastores (i.e. Roblox employees), along with anyone who can get that data through illegal means. Plus, there are no guarantees about the actual data being transmitted to/from Roblox servers. AFAIK it isn’t even encrypted, meaning anyone in between Roblox’s servers and the client could snoop in and read the password.

Also, from experience, people tend to reuse their passwords everywhere, or end up making bad passwords altogether. This ultimately defeats the purpose of your login system anyways.

7 Likes

How so you plan on storing the passwords, will you hash them or save them as a string?

1 Like

I have to agree with sayhisam1, storing passwords seems a little bit sketchy and odd to me. Wouldn’t it be better to just allow users to create new accounts as they will and authenticate them with their UserId? The only real reason you would need a username password system on your game is if users were permitted to share accounts (which your warning clearly states isn’t allowed).

4 Likes

If you read the warning again, if they can be trusted on your account they may be let on it. They are permitted.

It has already been solved, but by string.

Oops you’re right, I misread the warning. In the end though the use of passwords still seems a little bit questionable, you could just as easily have users select who they share their resources with (like the whitelist many games use, except a little bit more permanent). That way players can still work together and share with UserId authentication rather than passwords.

2 Likes

Good idea. With the thought of this, I could add a 2-step verification type of thing by using User ID authentication so whomever is logging onto the account has to verify using it. It’s better so if the databases get leaked people need to identify.

I’m not sure what you mean by having UserId as 2-step verification. What I’m trying to say is that there’s no need for Username/Password combos for your game, users can simply type in the username/UserId of others they want to share their resources with. When users join your game, they’ve already authenticated themselves by joining on that account. Using that account’s UserId is the only authentication you need.


Sorry that I’m really bad at explaining this, I’m not really sure how to put it in easy terms.

5 Likes

Fun fact: This game is based off of VRChat.

I’d like to use a username and password system because of it fitting how the real game goes.
Understanding what you have said, I still think using 2-step verification with the User ID is a good idea to prevent people who have database access to log in. Your ideas are good, but I’m trying to fit the game better. That is all I mean.

Not to be rude, but this REALLY isn’t a good idea.

Storing passwords as just text is possibly the worst way to store them.
Take a look:

If you are dead set on having passwords in your game, PLEASE PLEASE PLEASE atleast look up ways to secure them properly.

2 Likes

Seeing as you may have not read the previous replies, I am adding a new datastore which has userids for the people whom have registered accounts. Thanks for your suggestion and concern, though.

Fun fact: There are about 6 different datastores for each type. Not just one datastore holding everything.

1 Like

This is really not a good idea. This will be incredibly slow and incredibly resource intensive - and I don’t see how it addresses the issue?

2 Likes

It somehow worked for me. I use like 6 databases in my game so I don’t think it’s gonna be that slow. Game probably won’t be that popular, anyway.

I would strongly advise against this. Aside from the reasons mentioned above, it violates Roblox’s community rules.

Community Rules. Section I, 10: Since your game asks for a username and password, it may be viewed as one of the following.

Dangerous, unethical and illegal activities. Not only do we not allow these activities, we do not allow anyone discussing them or encouraging others to discuss (or take) such actions, including:

  • Hacking, phishing, flaming, exploits, cheating, spam, deceptive practices, scams;
  • Misleading, sexual or racy thumbnails or other images, videos or text;
  • Gambling with Robux or real money;
  • Terrorism, Nazism or Neo Nazism, organized criminal activity, gangs and gang violence;
  • Instructions for engaging in violent activities, including bomb- or weapon-making
  • Criminal activity;
  • Illegal drugs or prescription drugs without a prescription;
  • The use or sale of drugs, alcohol, or tobacco by minors; and
  • Blackmail or extortion.

Community Rules. Section II, 1: You are not allowed to request personally identifiable information.

  • Do not ask for or collect (or allow the transfer between players in your game) any personally identifiable information (PII) . For example, you should not ask for a player’s first and last name, age, home or physical address, something that contains a person’s image or voice (such as a photograph, video or audio file), social security number, passport number (or national identity number), phone number or email address (or other forms of online contact information).

Furthermore, you should never store a password in plaintext. Instead, you should use a strong hashing algorithm and save the hash. This means that even users with access to your datastore can’t view anybodies passwords.

6 Likes

I think you’re using the wrong terminology.

DataStore: The database system that Roblox uses
Key: The “key” or descriptor of the data you use to access the value i.e in this case the Username
Value: What is stored associated with the key

3 Likes