So yeah. I have been trying to make a good way to protect remote events. And recently I came up with this idea… Explaining in the pics:
I have a remote event in ReplicatedStorage
I have a script that checks every time the event is fired inside of ServerScriptService
I have a module script inside ServerStorage
So the module script has different keys… Every time you fire the event you NEED to have the right code (The code changes every time you fire the event btw!!)
This won’t really work in practice. How exactly is a client supposed to fire an event legitimately? You would need to send over a code to the client so it can actually have the correct “password” to send. And then any well versed exploiter could take that key and send it right on back and bypass your system entirely.
Another issue I see with your implementation is that you randomize the code each time before you check. How exactly is the client supposed to know what code will be correct to send over?
You can learn more about why this is a bad idea and how it is useless here
Here
And here
You could use some dynamic system to make it work, but why? Don’t waste your time on stuff like this; just make your game secure with server sanity checks.
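
A sketch of the server sanity checks recommended above, added here as an example and not posted by anyone in the thread. It treats every remote argument as untrusted instead of relying on a key. The `PurchaseItem` RemoteEvent, the `PRICES` table and the `Coins` leaderstat are assumed names.

```lua
-- Added example, not code from the thread. Server Script in ServerScriptService.
-- Assumed: a RemoteEvent "PurchaseItem" in ReplicatedStorage and a leaderstats
-- IntValue "Coins" that the server creates elsewhere.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local purchaseEvent = ReplicatedStorage:WaitForChild("PurchaseItem")

local PRICES = { Sword = 100, Shield = 75 } -- server-side source of truth
local MIN_INTERVAL = 0.5 -- seconds between accepted requests per player
local lastRequest = {} -- [Player] = os.clock() of the last accepted request

-- Returns the price if the request is acceptable, otherwise nil and a reason.
local function validatePurchase(itemId, coins, now, last)
	if typeof(itemId) ~= "string" then
		return nil, "bad argument type"
	end
	local price = PRICES[itemId]
	if price == nil then
		return nil, "unknown item"
	end
	if last ~= nil and now - last < MIN_INTERVAL then
		return nil, "rate limited"
	end
	if coins < price then
		return nil, "insufficient coins"
	end
	return price
end

purchaseEvent.OnServerEvent:Connect(function(player, itemId)
	local stats = player:FindFirstChild("leaderstats")
	local coins = stats and stats:FindFirstChild("Coins")
	if not coins then
		return
	end
	local now = os.clock()
	local price, reason = validatePurchase(itemId, coins.Value, now, lastRequest[player])
	if not price then
		warn(("Rejected PurchaseItem from %s: %s"):format(player.Name, reason))
		return
	end
	lastRequest[player] = now
	coins.Value -= price -- the server, not the client, decides the cost
	-- Grant the item here, using server-held state only.
end)

Players.PlayerRemoving:Connect(function(player)
	lastRequest[player] = nil -- drop rate-limit state for departed players
end)
```

The client only ever sends an item name; the price, the balance and the rate limit all live on the server, so a replayed or forged call cannot do more than a legitimate one.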