OOP Items | Values in the explorer or OOP?

You still aren’t saying why using value objects isn’t secure, you’re telling how to secure remote events.

What I mean is this part: how is letting the client view how many points he has not secure?

For example having a value object which says how many points a player has.

2 Likes

Exploiters will need an extreme level of injection to read your script’s source. For this they would literally have to be on the same running permissions as a plugin.

And say we are going with them running on the same level as a plugin. They could literally bypass your entire security system. This means that people with that kind of access you cannot actually stop.

In terms of encrypting a value, yes it’s possible, but nowhere near the extent that you can with a script.

If you have used a module that loads from an Id then that would be the only other way they can see your script, unless you made it publicly available. Either way it’s a very stupid thing to do.

And if you are on about them accessing the encryption through a module, then something’s clearly wrong. You should never put encryption in a module or pass any kind of key through any means of communication.

Ok, let’s say for example you want it to display how much money a player has.
If the server changes the value it affects server and client.
If the client changes the value it affects the client.

The exploiter can change the value locally, so the server still thinks everything is ok.
If they gave themselves a ton of money in that value and the local script then views the value, the local script will then be using the value the exploiter entered.

So? What’s wrong with that, the exploiter isn’t affecting anything on the server.

An exploiter could literally make a money gui on the client having an insane amount of money but who cares though, it isn’t affecting anything.

1 Like

This is why you should always have the server check the values instead of the client, it isn’t safe to check from the client because the exploiter can mess around with it.

1 Like

Yah assuming you have proper checks on the server the client changing his money value on the client won’t affect anything since the server has the real amount.

For example in a shop system you check if the client has enough money to buy the item on the server not on the client.

Example:
On my local gui, the script just got the value from the object value. Now I’m pressing to buy stuff. A gui uses a local script. The local script got the value from the object value which has been exploited.

Ok, no, a script is stored in memory too. They would need to decompile it, but that’s easy beans compared to most languages. Roblox’s permissions don’t dictate what hackers do.

Yah but like I said, how is this affecting the server? Will it actually make the money go up? No, it will only make it go up on the client. So when the client buys something the server will have the real value.

1 Like

So you should have that local script fire a remote and then have a server script check if the player has the right amount of money, and if he does then the server script should grant the purchase.

which means you still need a remote event lol.

I don’t think you’re understanding. Player1 starts off with 50.

Player1 changes the amount of money: it only changes it on the client. Let’s say he changes it by 25. Now he has 75.

Server: Doesn’t even know the value got changed since it doesn’t replicate to the server, thus making the server have the original value, making the server value 50.

So the client wants to buy an item.

The item costs 60. You send a remote to the server asking the client to buy the item. The server checks if the player has enough. The value object on the server is still 50. So the server declines the request, not giving the item. Exploiter thinks he’s all smart cause he changed his money to 75, but in reality on the server it’s only 50. So he doesn’t actually get the item.

1 Like
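The 50 / 75 / 60 scenario from the post above, written out as a server Script in Luau. This is an added example, not code posted by anyone in the thread; the `BuyItem` remote, the `PRICES` table, the `owned` table and the `coins` IntValue name are assumptions made for illustration.

```lua
-- Server Script (e.g. in ServerScriptService). Added example; all names are hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Prices and ownership live only on the server, so the client cannot edit them.
local PRICES = { Sword = 60, Shield = 40 }
local owned = {} -- [player] = { [itemName] = true }

local buyItem = Instance.new("RemoteEvent")
buyItem.Name = "BuyItem"
buyItem.Parent = ReplicatedStorage

Players.PlayerAdded:Connect(function(player)
	-- Created by the server, so it replicates down to the client for display.
	-- A client-side edit (50 -> 75) never replicates back up.
	local coins = Instance.new("IntValue")
	coins.Name = "coins"
	coins.Value = 50
	coins.Parent = player
	owned[player] = {}
end)

Players.PlayerRemoving:Connect(function(player)
	owned[player] = nil
end)

buyItem.OnServerEvent:Connect(function(player, itemName)
	-- `player` is supplied by the engine; everything after it is client-controlled.
	if type(itemName) ~= "string" then return end
	local price = PRICES[itemName]
	if not price then return end -- unknown item

	local coins = player:FindFirstChild("coins")
	if not (coins and coins:IsA("IntValue")) then return end

	-- The check uses the server's copy: still 50, whatever the client shows.
	if coins.Value < price then
		return -- 50 < 60: request declined, nothing is granted
	end

	coins.Value -= price
	if owned[player] then
		owned[player][itemName] = true
	end
end)
```

The client only ever sends the item name; it never sends a price or a balance, so there is nothing for the server to compare against client-supplied numbers.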

I do get it, the server will still have the correct value, so you can check it. But that means you need a remote.

You can encrypt a script more than you can encrypt an object value.
Literally the entire point. An object value is more limited in terms of encryption.

They are both dependent on remotes. But the difference is they will have to exploit the memory for a script, whereas an object value is literally in the workspace and visible.

So overall a script is more secure than using object values.

The only thing you need a remote for is buying the item, that isn’t related to value objects. If you want to change the value from the client then yah you need a remote. But there needs to be a reason why you need to change it from the client, for example buying something. The server still has the original value; the server is the one dictating if the person gets the item, not the client.

for the server to have an up to date version of the data it would.
otherwise the client could be gaining money and none of it would go through to the server.

Does that matter? It doesn’t replicate to the server, so when it’s time to buy things his request will be declined since the amount on the server is less than what he exploited it to be.

Well, if the server has to use the data to check the sanity of the client, then yes.

The server won’t have anything if the client doesn’t provide the info, so it won’t have anything to compare it to.

You still aren’t getting it. You never directly set the value from the client and update it to the server.

Let’s say if you click a gui you update the amount of coins. All you do is send a remote and the server updates the amount doing something like this. (You also need to implement a leaky bucket so the client doesn’t spam remotes.)

On the server:
player.coins.Value += 50

The server needs no only important. It only gets what’s needed. If you’re adding money to a player you don’t send the amount you want the money to be set to; you send a request, and the server decides the update amount.

Tell me why the server has to compare his info with the client.
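One way to combine the two points from the post above, a server-decided reward and a leaky bucket on the remote, as a server Script in Luau. This is an added example, not code from the thread; the `CoinClick` remote, the constants and the `buckets` table are assumptions, and it expects a server-created `coins` IntValue under each player as in `player.coins`.

```lua
-- Server Script. Added example; remote name and constants are hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local CAPACITY = 5        -- burst size: requests accepted back to back
local LEAK_PER_SECOND = 2 -- sustained rate the bucket drains at
local REWARD = 50         -- decided by the server, never sent by the client

local coinClick = Instance.new("RemoteEvent")
coinClick.Name = "CoinClick"
coinClick.Parent = ReplicatedStorage

local buckets = {} -- [player] = { level = number, last = number }

-- Returns true if this request fits in the player's bucket.
local function allow(player)
	local now = os.clock()
	local bucket = buckets[player]
	if not bucket then
		bucket = { level = 0, last = now }
		buckets[player] = bucket
	end
	-- Drain the bucket for the time elapsed since the previous request.
	bucket.level = math.max(0, bucket.level - (now - bucket.last) * LEAK_PER_SECOND)
	bucket.last = now
	if bucket.level + 1 > CAPACITY then
		return false -- bucket full: drop the request, grant nothing
	end
	bucket.level += 1
	return true
end

-- The handler takes no arguments from the client: the request is only
-- "I clicked", and the amount added is the server's REWARD constant.
coinClick.OnServerEvent:Connect(function(player)
	if not allow(player) then return end
	local coins = player:FindFirstChild("coins")
	if coins and coins:IsA("IntValue") then
		coins.Value += REWARD
	end
end)

Players.PlayerRemoving:Connect(function(player)
	buckets[player] = nil -- avoid leaking per-player state
end)
```

A client that fires the remote in a tight loop gets at most `CAPACITY` rewards immediately and `LEAK_PER_SECOND` per second after that; dropped requests can also be counted per player as a signal worth logging.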

Yes, but that depends on the game. For example if you click a gui for money like a clicker game. Otherwise what you’re going on about is making it so literally most of your scripts are server side. This won’t be the case for a ton of games.

this means the server still needs info. lol.
so it needs no info.
but yet still needs to be updated. :thinking: :laughing:

The info needed isn’t related to value objects.

We are talking about value objects here not remotes.

If you want to update an amount you send a request and the server performs the update; it doesn’t need to compare itself to anything. If you want to make the money higher you only send a request and the server validates it and decides what to set it to, not the client.