They are Server Scripts and from what I am aware, you can just (an exploiter) edit the scripts and cause the game to delete itself if you so chose.
I’m probably about to answer my own question: should I use individual LocalScripts and maybe a ModuleScript on the Server Side with RemoteEvents connecting them.
For example, this is currently the “HandleOxygen” Script, that edits GUI (it is in StarterGui, as a ServerScript)
local Tweenfo = TweenInfo.new(
1,
Enum.EasingStyle.Cubic,
Enum.EasingDirection.InOut,
5,
true,
0
)
local tween
local oxygenHit0 = false
pBools.Oxygen.Changed:Connect(function()
script.Parent.ImageTransparency = (pBools.Oxygen.Value / 100) + 0.15
if pBools.Oxygen.Value == 0 then
local alreadyExists = false
for _, items in pairs(script.Parent.Parent.Parent.ScreenGui.StatusEffect:GetChildren()) do
if items.name == "Drowning" then
alreadyExists = true
break
end
end
if not alreadyExists then
local copy = script.Drowning:Clone()
copy.Parent = script.Parent.Parent.Parent.ScreenGui.StatusEffect
local tween = tweenService:Create(script.Parent.Parent.Parent.ScreenGui.StatusEffect.Drowning.ImageLabel, Tweenfo, {ImageTransparency = 1})
else
script.Parent.Parent.Parent.ScreenGui.StatusEffect.Drowning.ImageLabel.ImageTransparency = 0
tween:Cancel()
end
oxygenHit0 = true
end
if pBools.Oxygen.Value > 0 and oxygenHit0 then
wait(2)
tween:Play()
oxygenHit0 = false
local pbState = tween.Completed:Wait()
if pbState == Enum.PlaybackState.Completed then
if script.Parent.Parent.Parent.ScreenGui.StatusEffect:FindFirstChild("Drowning") then
script.Parent.Parent.Parent.ScreenGui.StatusEffect.Drowning:Destroy()
end
end
end
end)
But then how would I go about stopping the player/exploiter from just deleting the local scripts?
P.S. I probably horribly worded this question, sorry.
But I have them locally, sorta, so it can edit the server side property of certain bool values, such as a bool saying that the player is underwater. Instead of them hidden from the client, in ServerScriptStorage.
But they will still be visible to someone that calls a print(game.Player.[Username]:GetDecendants())
and see the script and destroy it (or possibly edit it? I’m not sure about, because they could edit the script to delete the game from the server side).
I realise I can do RemoteEvents and R-Functions. I wrote this for some reason like this (a while ago) then did a tonne of research on exploiting, before continuing.
The bytecode of regular scripts in any container, including StarterPack and StarterGui, will never replicate to any client meaning exploiters can’t read or edit them in any way. The only instance that you could be compromised by an exploiter is if you used ModuleScripts with sensitive information like an API key that was stored on a client-oriented container (i.e StarterGui and StarterPack)
Is this new with the Lua (thing) that Roblox recently released? (Luau?)
Does this mean that I wouldn’t have to re-write the scripts and that it is secure as long as I don’t have any Client-side module scripts that someone can go:
while true
for i, v in pairs(game.Players:GetDecentants)
require(x):KillPlayer(v.Name)
end
end
Was written as an example and probably wrong ahah.
This is what the filtering-enabled system does; it creates a filter between the client and server so the client can’t modify server attributes. LuaU just optimized Roblox’s version of Lua (VM) and made it a bit harder for exploiters to reverse engineer games.
Requiring modules on the client will also only load them on the client, it won’t load on the server environment.
hiding your server scripts anywhere won’t make a difference because they have not and never will send their bytecode to the client (allowing them to be converted back into uncompiled look-alike source code)
i honestly have no clue how you came up with this conclusion but since you mentioned ModuleScripts i might as well tell you that they are compatible to be “imported” in runtime via the server-side and client-side, therefore it is possible for their content to be viewed if they are not a descendant of ServerScriptService or ServerStorage
