Hello there!
I am currently working on a console gui(similar to the console in the counter strike series or rust).
Just as in the games mentioned above, there are certain commands admins can run and commands that everyone can run.
I have scripted every command that’s local(crosshair color, local player kill, quit, etc) in the gui local script, and the commands that aren’t local(ex kick, ban, kill someone else, etc) connected to a remote event and then to a server script that checks if you’re an admin and runs the command.
Though my question is: Should I move all the scripts to the server side script so exploiters can’t steal 80% of the console with one click or should I keep it like it currently is?
Would it make the game laggier for others if whenever someone ran a command(whether it’s something that could’ve been done locally or not) on the console, the server would check what kind of command it is and run it?
The best idea is to move your source code of console in ServerScriptService. There exploiters won’t be able to steal your source code and even can’t change any of it when they are joined in the game. I don’t think there should be any lag but there might be a lag if you run command for multiple players. In conclusion I still don’t think there should be any lag at this point anyways. You should send an input player wrote in input box through the remote event and then check the input on the server-side.
Any administrator actions should definitely be run on the server and make sure you authenticate the player for EVERY command they perform. Also, another reason you should keep your code on the server-side is because when the attacker has the source code: it’s much much easier to figure out where to attack and where your vulnerabilities are. Just keep the basic rules in mind
- Authenticate and validate
- Server has all authority, client has none
- Only give the admin players authority when using the admin.
The players could most likely get the actual gui but as long as you script everything correctly, this will not matter at all.
Go for a command prompt style, it will look awesome. You can give the access to select players or staff and they can check the logs for exploiters or any suspicious prints or even any errors.
The server does check every command that isn’t local and could be used for an unfair advantage(ex ban, unban, kick, setcash etc.) The only commands that aren’t being checked are local ones such as changing their own crosshair id, color and so on. My concern was that exploiters would be able to steal the entire gui except for what is in the serverscriptstorage and I am looking for a resolve to that. My idea was to just send the command from the gui to a server script where it’d get checked and performed if that’s the case but I think that it would cause too much lag.
I think you’re worrying too much about micro-optimisations. On the client, make sure you only have the GUI (visual) and the client script that handles any clicking, firing to the server etc. Again, don’t worry about little micro-optimisations. As long as you have scripted it correctly, there should be minimal/no-lag.