Is it possible to put module scripts in server script service and still require them? I know that items disappear in ServerScriptService and ServerStorage when the game is run.
2 Likes
They don’t disappear, they’re just not visible to the client. So yes you can put them in there if you only require them from the server.
I don’t know very much about this
But the things don’t disappear, its only not visible, I know this because I can copy a tool of serverscriptservice to workspace using devconsole
When I require them, the script gives me an error stating that there is no object inside serverscriptservice.
It’s possible and also a great thing to do! Exploiters cannot be able to read and steal stuff in SSS or Server scripts, as it’s not in RS because hackers have access to that, but SSS is Serversided so Exploiters can’t get access!
7 Likes
well if you try and request them from the clients end it’s like requiring nil 
2 Likes
Yeah from local scripts not server scripts.
So there is no way to require a modulescript in ServerScriptService from a localscript?
1 Like
No, you need to put those in replicated storage… A client cannot see serverscriptservice or serverstorage.
Meaning that it is no longer secure? 
Local script requires = replicated storage
Server scripts requires = replicated storage and serverscriptservice
Nothing on the client is secure, how do you expect to tell the client to do something if the client can’t understand it? That’s just the way of game development.
1 Like
Anything inside of RS can be manipulated, changed or even deleted.
ServerScriptService is the safest for scripts.
Actually it doesn’t really matter. The only thing clients can manipulate are positions of objects they have network ownership of, otherwise it won’t be replicated to the server or other clients. This being said, they can’t manipulate modules for other clients or the server. No other clients will see it, nor will the server. The only people who will see changes will be the client who manipulated the module.
If you have a server script in workspace and an exploiter destroys it, it will still run because it still exists on the server. None of the clients will be able to read the source, no matter what.
1 Like
Yes, but its more secure keeping it there anyways hy default. They can run a new script by simply adding one through whatever they use to hack (don’t judge I don’t know what it’s called), they can use a coroutines and make a new ModuleScript by already extracting what they have there and modifying it. No serverscripts can be altered, modules can. I don’t know how exploits work but I’m pretty sure they are able to change how maybe 85% of the game works. Everything is client sided and stuff like stats cannot be manipulated as it firstly won’t save to the server. Localscripts can also be read unlike serverscripts if I am correct and those can be changed too, the exploiters can easily override these with the servers, if I am correct from what my friend was telling me a few weeks ago.
1 Like
Like I said, they can only change things that are visible on the client, nothing will be replicated to the server and therefore the only person they’re ruining it for is themselves. Modules can be manipulated on the client but none of the contents will be replicated to the server. None of the contents are shared across the client-server boundary (unless the server manipulates it before it’s required on the client, though I could be wrong)
1 Like
Yep, that is true, nothing will be replicated as everything is done from the client and is the client
For localscripts and modulescripts, hackers can actually decode and view the source (or the source with all variable names and comments stripped, at least), the lua bytecode has to be sent to the client for the client to be able to run it, and then that bytecode can be reverse engineered to a lua script, so that might give hackers a window into your server source code if it’s somewhere unsecure, and then they might be able to find ways to break your code from there
2 Likes