Module Loader Security

Hey there!
I’m trying to make a safe module loader. My goal is to only make ONE for simplicity’s sake. But why?
I’m trying to avoid having seperated module loaders in ServerScriptService and ReplicatedStorage.
Would it be safe to instantly delete the “server” folder from the client using a localscript (replicatedFirst) once it loads in? Or could exploiters still access it?
image

It wouldn’t be safe. If the client sees the server folder, even just for a second exploiters can access it.
Deleting it wouldn’t help because exploiters can view all replicated data.
If it must stay secure, keep it in ServerScriptService or ServerStorage where the client cannot get it.

You could add an if check to see if the code is running on the server (like RunService:IsServer()) but that would only stop it from executing.

1 Like

Well I thought of that but exploiters can copy the module, delete the original, edit its source and clone the clone into its old parent. So I dont think thats safe either

Every modification made on the client only affects that client and does not replicate to the server. Therefore, deleting, editing, or replacing modules on the client side won’t change anything on the server side, the server will still have the original module.

The main issue with placing server modules in Replicated Storage is that exploiters can read and copy their code, which facilitate them to create and release an exact copy of your game, just like these ‘modded’ copies of popular games.

1 Like

if your server modules contain sensitive information, create another loader for them
if they dont have any sensitive information you can probably just leave it as is since the player’s requiring the module and firing the functions wont replicate to the server but only to the client

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.