You can write your topic however you want, but you need to answer these questions:
What do you want to achieve? Keep it simple and clear!
Find a quick solution to prevent exploiters from changing attributes.
What is the issue? Include screenshots / videos if possible!
I set an attribute called “stamina” to a player every time they join the game to keep track of stamina changes and a GUI showing the stamina. The problem is I perform several attribute checks on the client-side for convenience purposes (Note that I don’t perform any attribute sets on the client) until I noticed while testing things that attribute sets on the client are registered by client-side checks. So if someone exploited and set their stamina to a large number, they can use skills as many times as they want.
What solutions have you tried so far? Did you look for solutions on the Developer Hub?
I do have a workaround for this which is making the checks on server-side but that would require more connections possibly creating more holes.
So is there a way for me to prevent the client-side from modifying the stamina or stop the client from getting the client attribute and the actual one instead?
I knew that because of Filtering Enabled, changes on the client won’t take place on the server but for some reason when you modify attributes on the client, Instance:GetAttributes() ran on the client gets the client value, not the server one.
The only ways I could think to send it is either get the server to modify it the tiniest bit (then shift it back if you want), which would rereplicate it, or do some :InvokeServer() stuff to get the real value. Honestly, it’s probably just better to have checks on the server that the client doesn’t use more stamina than it has.
That’s just unfortunately the nature of client side security. If someone really wanted to ruin your day, they could. Even if you did find a workaround to get the client to take the server side attribute, an exploiter (with scripts specific to your game), could inject a new script that bypasses that (e.g. just completely ignoring that attribute, or straight up flying).
I would recommend adding server security instead, rubber band the player if they’re moving too fast, etc. Movement is a little finnicky so you need to give players some leeway (for latency, etc).
Thanks. I decided to make a whole module for getting attributes from the server. For now the game shouldn’t have exploiters as there aren’t that many players but if I start getting reports of exploits then I will start working on server-side security checks.
