Hey,
so I used both styles and tried out things and I’m not really sure if it’s better to keep them purely in a table and use the OOP approach or simply using objects in the explorer.
What’s your approach and what are the pros and cons?
1 Like
Storing values in the explorer is actually using OOP, those values (stringvalues, numbervalues, etc) are tables (at least I’m pretty sure, I’m not sure if roblox’s explorer objects are different than regular lua tables).
I would create my own tables in my script to store my data, I don’t like cluttering the explorer needlessly. The only pro of using the explorer that I can think of is that roblox’s value objects have events like Changed that let you keep track of your value, and that they can be accessed from any script. But if you use modules or global variables you can do this with your own tables as well.
Tables aren’t exactly OOP. It’s your call, but I say keep it in a table if only the one script is to have access to the data.
Storing them in a script is much safer. exploiters can see the workspace.
I usually have tables in tables for this
local Data = {}
local Packet = {Name,Value}
table.insert(Data,Packet)
Edit:
In regard to pros and cons.
The pros for using script stored info is:
More secure
Easy to manage
Cons:
Cannot pass info across server/client without a means of communication.
(Note, using a remote for this would still be more secure than just putting it in the workspace)
Definitely not true.
If it’s a Script, you can keep them in ServerStorage and it won’t make a difference. If not, it won’t make a difference because exploiters can also see tables inside LocalScripts.
Don’t imply that you can communicate back to the server though because you can’t. Using a remote isn’t more secure, a number is a number when you use a memory viewer.
How are value objects exploitable though just viewing data can’t lead to any harm.
Unless if your storing some information which can be used to exploit i’m not sure what kind of information that would be.
The cons of an value object is that you first need to convert them into tables to store them in datastores. Now that isn’t really a big con.
Yes but you can actually encrypt and use sanity checks with a script. A object cant do that.
Also if your data is just sitting there its far easier to read. Keeping them in server storage wont do a thing as exploiters can see it. They would have to use a memory viewer to even see the information, that already means its harder to reach than an object.
If its encrypted and has sanity checks then its even more secure. Communication between server and client is very possible (Remotes).
^ Remotes literally allow you to do this. Theres a few other ways but I dont want to make them public as it makes my scripts insanely secure.
it depends on if the objects data is needed for client sided scripts. If they change it on the client and say your gun script uses it to see how much ammo you got. It will actually have an effect.
I wouldnt call using tables a con, if anything its more of an advantage as information can easily be found and managed. And to make data compatible with datastores you can literally use table.concat(table,“Seperator”) and that will make it all 1 string.
That actually makes it much easier than if they were objects.
Yah and the client can do that without an value object to. If you have a variable called Ammo in memory on the client they can just change that.
Unless your saying changes in an object value on the client replicates to the server.
Thats why you can communicate with the server. so there server will always have an updated copy of the data, and so will the client. when they communicate it can then check the information.
This means that should they change a value, the server has a up to date list so if the client is giving you a different value on the sanity check, then somethings up.
(When the server is updated the client will have a bunch of data to verify the changes. E.g which stat was changed, how much it changed).
Also if all this is encrypted it wont really be of much use to them, the pattern finders will have a bunch of random stuff in the table and with the short pieces that are there it wont be able to tell whats what so they wont know that you even have a sanity check, so when they try it without the sanity check, you ban them.
You don’t need the ammo value from the client if your relying on that that’s already a major security flaw.
Instead what you do is when the client fires the remote subtract one on the server and subtract one on the client. When the server one hits 0, don’t take any further client requests of the gun until it’s reloaded.
This would be an example with ammo, I don’t see how tables would be more secure if your ever relying on the client for information without checking it.
I’m not an expert but I think tables are OOP, I think they’re basically javascript objects, both javascript and lua use the prototype model. If javascript objects are considered OOP I do not know how lua tables aren’t.
If you understood a word of what I said before you would understand that thats basically what would happen.
If the client and the server both subtract 1 from there ammo they will have the same amount of ammo, both of them will be in sync. The server already will have an updated copy if you do this.
If two things do the same operations and start at the same state the final result will be the same.
Exactly. so if you go into the memory and change it, then it will pick up on it.
and as the data being sent will be encrypted and sanity checked. they cant update the value the server holds.
Meaning that using a script can secure the data.
I think im misunderstanding something and it’s probably about the encrypted part, what do you mean by this?
Also the thing I said works with value objects to, all you would do is subtract the value object on the server when a bullet is shot, and this time it replicates to the client to.
A forum ive been discussing Encryption on
Look at some of my posts and they should explain things.
Right, but you weren’t talking about remotes. You were talking about using Object values vs storing them in a script.
Sure, memory is accessed differently, but I wouldn’t say one is more secure than the other. Packets can be intercepted, and even without that, it has to go somewhere such as a variable. If this is data that you are saving as OP implies, then both a NumberValue and a table have to be stored in memory. Both can be encrypted. The encryption program can be read if it is in a LocalScript anyways, it just depends on how many tools and which skills our exploiter has at his disposal. If you aren’t using a LocalScript for encryption, then why is it accessible to the client at all? This whole security bit is irrelevant if you can just store things on the server.
Seriously though, this post is about data storage, not security. RemoteEvents can have sanity checks, but they’re also the only way to send data to the server from the client. That’s not the question here.
OP, if it is only accessible by a single script, use a variable. Otherwise, if it is only accessible by Scripts (not LocalScripts) then keep it in ServerScriptService or ServerStorage since the client doesn’t need to see it. Otherwise, put it wherever is convenient (probably as a descendant of Player or Character)
Tbh if your main concern is security you would have both a script and values. Having one or the other wouldnt even be a debate.
But in general scripts are much more secure. The forum I just linked you to will show literally how the most basic enrcyption methods can make it secure.