Options for Securing a ModuleScript?

Hello! I’m wondering what my options are for securing a localized module script. Basically, what I’m doing is having all of a player’s stats in a module script that the player controls (I know – bad idea, but for good reason). I can’t make the stats on the serverside because they update with framerate. They update at 60fps because they’re based on modifiers (like adding and subtracting within a given timeframe) and tween interfaces based off of those modifiers. The server will use a remote function to ask what the client set these values to when needed (the server doesn’t need this information very often so remote functions should not be a problem with performance).
My worry is that an exploiter will just change something by requiring the modulescript like looping their health to it’s max value or changing another value. What are my options to secure this system?

The client updates a modulescript with stats at framerate (it’s important the client does it). The server requests the client info when needed. How can I keep exploiters from changing values in the modulescript?

1 Like

Didn’t have to read the rest of the post. Answer is you don’t, you can’t and you shouldn’t. It’s the client’s machine, therefore everything is laid bare before them.

Depending on what kind of information you’re actually working with, you probably don’t need to secure this at all. Exploiters changing values won’t matter since they’re only affecting themselves. If the server sees it, make sure it’s scrutinising the client’s sending data heavily.


IMO it might be good to restructure your system then. As @colbert2677 said, you can’t secure client-side code. Client-side code can be exploited. I would recommend trying to restructure so that your server becomes the single point of truth for your data, not the client.