Is this team selection secure enough?

I’ve developed a team selection system alongside a place intro for a game, which was tested, and I want to know:

  • If it’s secure enough, or if it needs improvement.
  • Possible alternative methods if it isn’t secure.

Client-side Script

Input handling
The below function takes care of input for the team buttons

if GENGINE_CONFIG.TYPE_OF_PLACE == 'Raidable' then

for _, child in pairs(Items.TeamButtons:GetChildren()) do
	
	if child:IsA('TextButton') then
		child.MouseButton1Click:Connect(function(arg)	
			if child.Name:find('GE') and player:IsInGroup(693932) then
				SelectedTeam = '-GE-'
				TeamValue = 1
				HandleTeamRequests('-GE-')
			end
			
			if child.Name:find('Raiders') and not player:IsInGroup(693932) then
				SelectedTeam = 'Raiders'
				TeamValue = 2
				HandleTeamRequests('Raiders')
			end
			
		end)
	end
    end
end

Remote Event firing
This function is responsible for sending one of two requests to the server via the client

function HandleTeamRequests()

if SelectedTeam == '-GE-' and TeamValue == 1 and player:IsInGroup(693932) then

	if runService:IsStudio() then
		warn('GEngine || DEBUG: -GE- team selected!')	
	end
	Items.GE_TEAM_EVENT:FireServer(TeamValue)
	PostSelection()

elseif SelectedTeam == 'Raiders' and TeamValue == 2 and not player:IsInGroup(693932) then
			
	if runService:IsStudio() then
		warn('GEngine || DEBUG: Raiders team selected!')	
	end
	Items.RAIDERS_TEAM_EVENT:FireServer(TeamValue)
	PostSelection()
    end
end

Server-side Script

Remote Event returning/handling
-The below function takes care of returning and handling calls from the client via two separete RemoteEvents (one for the -GE- team, one for the Raiders team)


-GE- team

local function Manage_GE_Team_Selection(player, teamValue)

if GENGINE_CONFIG.TYPE_OF_PLACE == 'Raidable' then
	if teamValue == 1 and player:IsInGroup(693932) then
		print('GEngine || SERVER: HANDLING TEAM REQUEST FOR', player.Name)
		player.TeamColor = game.Teams['-GE-'].TeamColor
		player:LoadCharacter()
		print('GEngine || SERVER: SUCCESSFULLY PASSED TEAM REQUEST FOR', player.Name..'!')
	end
    end
end

Raiders team

local function Manage_Raider_Team_Selection(player, teamValue)

if GENGINE_CONFIG.TYPE_OF_PLACE == 'Raidable' then
	if teamValue == 2 then
		print('GEngine || SERVER: HANDLING TEAM REQUEST FOR', player.Name)
		player.TeamColor = game.Teams['Raiders'].TeamColor
		player:LoadCharacter()
		print('GEngine || SERVER: SUCCESSFULLY PASSED TEAM REQUEST FOR', player.Name..'!')
	end	
    end
end

Additional notes

  • Both RemoteEvents are stored in ReplicatedStorage
  • The configuration module is also stored in ReplicatedStorage
2 Likes

I’ve looked through your code and I don’t see anything that seems insecure. Have you tried testing the code?

Yes, I’ve tested the code thoroughly.

As long as you’re double-checking whether they’re in the group on the server (which you are), it should be secure. It looks fine.

4 Likes