If you understood a word of what I said before, you would understand that that's basically what would happen.
If the client and the server both subtract 1 from their ammo, they will have the same amount of ammo; both of them will be in sync. The server already will have an updated copy if you do this.
If two things do the same operations and start at the same state the final result will be the same.
Exactly. So if you go into the memory and change it, then it will pick up on it.
And as the data being sent will be encrypted and sanity checked, they can't update the value the server holds.
Meaning that using a script can secure the data.
I think I'm misunderstanding something and it’s probably about the encrypted part. What do you mean by this?
Also, the thing I said works with value objects too; all you would do is subtract the value object on the server when a bullet is shot, and this time it replicates to the client too.
A forum I've been discussing encryption on
Look at some of my posts and they should explain things.
Right, but you weren’t talking about remotes. You were talking about using Object values vs storing them in a script.
Sure, memory is accessed differently, but I wouldn’t say one is more secure than the other. Packets can be intercepted, and even without that, it has to go somewhere such as a variable. If this is data that you are saving as OP implies, then both a NumberValue and a table have to be stored in memory. Both can be encrypted. The encryption program can be read if it is in a LocalScript anyways, it just depends on how many tools and which skills our exploiter has at his disposal. If you aren’t using a LocalScript for encryption, then why is it accessible to the client at all? This whole security bit is irrelevant if you can just store things on the server.
Seriously though, this post is about data storage, not security. RemoteEvents can have sanity checks, but they’re also the only way to send data to the server from the client. That’s not the question here.
OP, if it is only accessible by a single script, use a variable. Otherwise, if it is only accessible by Scripts (not LocalScripts) then keep it in ServerScriptService or ServerStorage since the client doesn’t need to see it. Otherwise, put it wherever is convenient (probably as a descendant of Player or Character)
Tbh if your main concern is security you would have both a script and values. Having one or the other wouldn't even be a debate.
But in general scripts are much more secure. The forum I just linked you to will show literally how the most basic encryption methods can make it secure.
You still aren’t saying why using value objects isn’t secure; you're telling how to secure remote events.
What I mean is this part: how is letting the client view how many points he has not secure?
For example, having a value object which says how many points a player has.
Exploiters will need an extreme level of injection to read your script's source. For this they would literally have to be on the same running permissions as a plugin.
And say we are going with them running on the same level as a plugin. They could literally bypass your entire security system. This means that people with that kind of access you cannot actually stop.
In terms of encrypting a value, yes it's possible, but nowhere near the extent that you can with a script.
If you have used a module that loads from an Id then that would be the only other way they can see your script, unless you made it publicly available. Either way it's a very stupid thing to do.
And if you are on about them accessing the encryption through a module, then something's clearly wrong. You should never put encryption in a module or pass any kind of key through any means of communication.
OK, let's say for example you want it to display how much money a player has.
If the server changes the value, it affects server and client.
If the client changes the value, it affects the client.
The exploiter can change the value locally, so the server still thinks everything is ok.
If they gave themselves a ton of money in that value and the local script then views the value, the local script will then be using the value the exploiter entered.
So? What’s wrong with that, the exploiter isn’t affecting anything on the server.
An exploiter could literally make a money GUI on the client having an insane amount of money, but who cares though, it isn’t affecting anything.
This is why you should always have the server check the values instead of the client, it isn’t safe to check from the client because the exploiter can mess around with it.
Yah assuming you have proper checks on the server the client changing his money value on the client won’t affect anything since the server has the real amount.
For example in a shop system you check if the client has enough money to buy the item on the server not on the client.
Example:
On my local GUI, the script just got the value from the object value. Now I'm pressing to buy stuff. A GUI uses a local script. The local script got the value from the object value, which has been exploited.
Ok, no, a script is stored in memory too. They would need to decompile it, but that’s easy beans compared to most languages. Roblox’s permissions don’t dictate what hackers do.
Yah but like I said, how is this affecting the server? Will it actually make the money go up? No, it will only make it go up on the client. So when the client buys something the server will have the real value.
So you should have that local script fire a remote and then have a server script check if the player has the right amount of money, and if he does then the server script should grant the purchase.
Which means you still need a remote event lol.
I don’t think you're understanding. Player1 starts off with 50.
Player1 changes the amount of money: it only changes it on the client. Let's say he changes it by 25. Now he has 75.
Server: Doesn't even know the value got changed since it doesn’t replicate to the server, thus making the server have the original value, making the server value 50.
So the client wants to buy an item.
The item costs 60. You send a remote to the server asking the client to buy the item. The server checks if the player has enough. The value object on the server is still 50. So the server declines the request, not giving the item. Exploiter thinks he's all smart cause he changed his money to 75, but in reality on the server it’s only 50. So he doesn’t actually get the item.
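
The 50 / 75 / 60 scenario above as a server Script, added here as an example and not code posted by anyone in the thread. The RemoteEvent names `PurchaseRequest` and `PurchaseResult`, the `Money` IntValue and the price table are assumptions made for illustration; the balance is kept in a server-side table and the IntValue is only a display copy.

```lua
-- Server Script (e.g. in ServerScriptService). Added example; names are assumptions.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Hypothetical RemoteEvents created in Studio under ReplicatedStorage.
local purchaseRequest = ReplicatedStorage:WaitForChild("PurchaseRequest")
local purchaseResult = ReplicatedStorage:WaitForChild("PurchaseResult")

-- Prices live on the server only; the client sends an item name, never a price.
local PRICES = { Sword = 60, Potion = 20 } -- constructed sample catalogue
local STARTING_MONEY = 50

local balances = {} -- [Player] = number; authoritative copy, never taken from the client

Players.PlayerAdded:Connect(function(player)
	balances[player] = STARTING_MONEY
	-- Replicated IntValue for GUIs. A client-side edit to it stays on that client.
	local money = Instance.new("IntValue")
	money.Name = "Money"
	money.Value = STARTING_MONEY
	money.Parent = player
end)

Players.PlayerRemoving:Connect(function(player)
	balances[player] = nil
end)

purchaseRequest.OnServerEvent:Connect(function(player, itemName)
	-- Sanity check: everything after `player` is supplied by the client.
	if type(itemName) ~= "string" then return end
	local price = PRICES[itemName]
	local balance = balances[player]
	if price == nil or balance == nil then return end

	if balance < price then
		-- Server still holds 50, item costs 60: declined, whatever the client GUI shows.
		purchaseResult:FireClient(player, itemName, false)
		return
	end

	balances[player] = balance - price
	local money = player:FindFirstChild("Money")
	if money then money.Value = balances[player] end -- display copy follows the server
	purchaseResult:FireClient(player, itemName, true)
	-- Grant the item here, on the server.
end)
```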