I have an entirely server-sided hunger system. It uses attributes for each player. Currently, I’m creating consumables for players to replenish their hunger with.
I plan to use a Tool.Activated() connection to trigger a remote event. This event will carry the name of the tool. Then, a server-side script will check for a match in a table.
For example, if the tool’s name is ‘Apple’, and the server script has something called ‘Apple’, it’ll provide the appropriate food amount. Otherwise, it won’t give any food.
However, I’m worried about security. Couldn’t a hacker exploit this by changing the tool’s name?
Yes, exploiters can spoof values and make the server think it’s something else especially if it’s something like passing a name to the server for it to check what tool they have
Instead of sending what type of food the player wants to eat, just send a generic request and then have the server check which tool is currently in the players’ character (when you equip a tool it goes into your character model), and then just check the name from the server; this way it doesnt matter if the client changes the name of the tool on the client because it wont replicate to the server
local Tool = script.Parent
local FoodValues = {
["Apple"] = 20,
["Orange"] = 30,
}
local GetFoodInfo = function(Name)
for i,v in pairs(FoodValues) do
if (i == Name) then
return v
end
end
return nil
end
Tool.Activated:Connect(function()
local FoodInfo = GetFoodInfo(Tool.Name)
if (FoodInfo ~= nil) then
local Hum = Tool.Parent:FindFirstChild("Humanoid")
Hum.Health += FoodInfo
print("Ate "..Tool.Name.." which healed you for "..tostring(FoodInfo).." health.")
Tool:Destroy()
end
end)
