As stated, the variable name “RemoteEvent” previously stores the ObjectValue of the remote event before the loop runs. Therefore, the ObjectValue can be stored in other scripts before the loop even begins. (And hey, I love that catchphrase!)
Different scripts don’t run at exactly the same time though…
and what prevents an exploiter from just getting the locals?
If your remotes are secure surely there isn’t a need for obfuscating names?
They can’t do it if the script is 500 empty lines long and has a different password each time.
5 seconds is 5000 ms. Most ping ranges around 300 ms.
I do my best to keep the server at a very fast speed and any delay above 5 seconds is already gamebreaking.
It doesn’t matter how many lines there are. If they clone the script, the clone won’t remove itself, and they can view the code.
Plus as stated, they can manipulate Metadata, which will trick the localscript into returning normal values.
Anything client-sided will fail, as the exploiter has complete control over it.
They can’t; however, they can manipulate the remote callbacks. All they have to do is wait for the server to do checks.
Some are kind of missing the point: you gave the code to the client. This is no different than if I handed you a piece of paper with some writing on it and you take it home. I can’t instantly change what’s written on that piece of paper because the paper is no longer in my possession. The only way I can change what’s on that paper is if I ask you if I can change it. The same idea applies to the code given to the client.
Exploiters have plenty of time to learn your local code since you gave it to them. They don’t have to immediately start exploiting, they can just learn how everything works and keep the bits that the server is expecting from them.
Key exchanges are to prevent a person from intercepting/manipulating data in transit (man-in-the-middle attacks). The exploiter IS the intended recipient, they are not the middle-man, so key exchanges can’t prevent an exploiter from manipulating code that they already have access to. Remember this: if the code runs locally on an exploiter’s machine, then they can see/access/change it to their liking.
The server is a drill sergeant that says “Do this now!” and some people choose to respond with “Nope.”
Wouldn’t work. Just use sanity checks on the server for such things when the client has network ownership of the character. You could give it up to the server in exchange for much less responsive gameplay. Which isn’t worth it.
As a rule, keep game logic on the server and all aesthetics that don’t affect anyone else on the client.
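The server-side sanity check recommended in the post above, sketched as an added example (not code from any participant in this thread). The tolerance, strike count and check interval are assumed values, and the sketch presumes the game itself never teleports characters or moves them in vehicles; any such case would need to reset the tracked state.

```luau
-- Added example, not from the thread. Server Script (e.g. in ServerScriptService).
local Players = game:GetService("Players")
local RunService = game:GetService("RunService")

local TOLERANCE = 1.5      -- assumed slack for latency and physics jitter
local MAX_STRIKES = 3      -- assumed consecutive violations before correcting
local CHECK_INTERVAL = 0.5 -- assumed seconds between checks

local state = {} -- [player] = { root, pos, elapsed, strikes }

local function checkPlayer(player, dt)
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	local s = state[player]
	-- (Re)start tracking on spawn, respawn or death instead of comparing across characters.
	if not root or not humanoid or humanoid.Health <= 0 or not s or s.root ~= root then
		state[player] = root and { root = root, pos = root.Position, elapsed = 0, strikes = 0 } or nil
		return
	end
	s.elapsed += dt
	local delta = root.Position - s.pos
	local travelled = Vector3.new(delta.X, 0, delta.Z).Magnitude -- horizontal only; falling is ignored
	-- WalkSpeed is read from the server's copy; a client-side change to it does not replicate.
	local allowed = humanoid.WalkSpeed * s.elapsed * TOLERANCE
	if travelled <= allowed then
		s.pos, s.elapsed, s.strikes = root.Position, 0, 0 -- accept the new position
		return
	end
	s.strikes += 1 -- a lag burst gets a few intervals to average out
	if s.strikes >= MAX_STRIKES then
		root.CFrame = CFrame.new(s.pos) -- the server decides: back to the last accepted position
		s.elapsed, s.strikes = 0, 0
	end
end

local sinceCheck = 0
RunService.Heartbeat:Connect(function(dt)
	sinceCheck += dt
	if sinceCheck < CHECK_INTERVAL then return end
	for _, player in ipairs(Players:GetPlayers()) do
		checkPlayer(player, sinceCheck)
	end
	sinceCheck = 0
end)

Players.PlayerRemoving:Connect(function(player)
	state[player] = nil
end)
```

Nothing here runs on the client, so there is no local script for the player to clone, read or patch; the client keeps network ownership and responsiveness, and the server only overrides positions that exceed what its own values allow.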
Just sucks when someone puts a bodymover in their character and they start flinging everything.
Think about scalability: a lot of these anti-exploit precautions take a lot of resources, and oftentimes as your player base grows, the proportion of hackers to players decreases.
Think of your players first, man.