I have a question about the security of module scripts.
If I have module scripts stored in ServerScriptService, does this mean my module scripts are safe and secure from exploiters requiring them?
The client cannot see anything with Server in them. ServerScriptService, ServerStorage, etc.
If you have a module that ONLY the server uses, then yes, you can put it in ServerScriptService or ServerStorage.
Clients (exploiters) can only access things replicated to the client.
ServerScriptService is not replicated to the client.
Even if a ModuleScript was in a replicated container like ReplicatedStorage or Workspace, the client does not have access to the “server version” of that ModuleScript. They are running on different machines.
Yes, however if for whatever reason you decide to either re-parent the ModuleScript (at some point while the game is running) or clone it and parent the clone to a location which local scripts (clients) can access then you’ll have a potential leak.
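
The re-parent/clone leak described in the last reply can be caught at runtime. The server-side guard below is an added example, not code from any poster in this thread. It assumes you mark each server-only ModuleScript with a boolean attribute named `ServerOnly` (a name made up for this sketch; attributes are copied by `Clone()`), and that the script runs as a server Script in ServerScriptService.

```lua
-- Added example: detect server-only ModuleScripts that end up in a
-- container that replicates to clients.
local ServerStorage = game:GetService("ServerStorage")

-- Assumption: server-only modules carry this attribute set to true.
local SERVER_ONLY_ATTRIBUTE = "ServerOnly"

-- Containers whose descendants replicate to clients.
local REPLICATED_CONTAINERS = {
	game:GetService("Workspace"),
	game:GetService("ReplicatedStorage"),
	game:GetService("ReplicatedFirst"),
	game:GetService("StarterGui"),
	game:GetService("StarterPack"),
	game:GetService("StarterPlayer"),
	game:GetService("Players"),
}

local function isServerOnlyModule(instance)
	return instance:IsA("ModuleScript")
		and instance:GetAttribute(SERVER_ONLY_ATTRIBUTE) == true
end

local function handleLeak(module)
	-- Log the full path so the offending re-parent or clone can be traced.
	warn(("Server-only ModuleScript reached a replicated container: %s")
		:format(module:GetFullName()))
	-- Defer the move: the parent cannot be changed again while the
	-- DescendantAdded signal for this instance is still firing.
	task.defer(function()
		module.Parent = ServerStorage
	end)
end

for _, container in ipairs(REPLICATED_CONTAINERS) do
	-- Catch modules that were already misplaced before this script started.
	for _, descendant in ipairs(container:GetDescendants()) do
		if isServerOnlyModule(descendant) then
			handleLeak(descendant)
		end
	end
	-- Catch modules re-parented or cloned in while the game is running.
	container.DescendantAdded:Connect(function(descendant)
		if isServerOnlyModule(descendant) then
			handleLeak(descendant)
		end
	end)
end
```

Moving the module back does not undo replication that has already happened, so treat each warning as a bug to fix in the code that did the re-parenting.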