R$1000 Bounty to whoever

Hey seranok why don’t you try to get this :stuck_out_tongue:

174305863

Groups are sensitive about their technology leaking, and it’s a pain to replace scripts in multiple places where assets appear, compounding on if the asset maker does not have direct access to the places. Modules offer scalability, and (after Seranok’s suggestion [if it works]) security at roughly the same level as before, and allow the asset maker the ability to maintain the code base for all of the assets autonomously.

[size=1]also I think it says something that simplicity can certainly be better security: Seranok had to escalate to stealing the source versus mew’s which he didn’t. Seranok’s proposed solution embodies this idea quite a bit more than mine, even.[/size]

In mew’s case I did steal the source each time, and then used that to find four additional exploits in his module. But you are correct that his code was overly complex, and that contributed to all of its vulnerabilities.

[strike]
I think, based on what I know and think I know, that this will be sufficient:

script = nil
local game = getfenv(0).game
if game.CreatorId == 0 then 
--blah blah blah
end

[strike]
unless, of course, if you can fool it by overriding the game global at fenv(0) [size=1]which I’m not really sure will help anything because it might be the level of the script and therefore any manipulation beforehand will affect it… but if I try something I might get an answer and then learn something.[/size][/strike]

I re-evaluated what I think I know, and I’m pretty sure [font=consolas]local game = getfenv(0).game[/font] is the wroonngg way to do it.

Can someone please write a whole wiki page article devoted to securing modules?
Knowing things like this before diving straight into new projects would have been very useful…

To be honest, if I truly didn’t want someone to gain unwanted access to my Module’s environment, I simply sandbox the returning function’s environment. Example -
[NOTE - Following code was written quickly. May contain errors]


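-- Each "local X do ... end" block declares the local first, then defines it inside its own scope.
local FunctionToExecute do
   function FunctionToExecute()
      return "You got me";
   end;
end;
local OnError do
   local error=error; -- keep a local reference; globals are unreachable once the environment is emptied
   function OnError()
      error("The API you've requested is not available at this time.");
   end;
   setfenv(OnError,{}); -- empty environment: getfenv(OnError) exposes nothing
end;

local ReturningFunction do
   local game=game; -- captured as an upvalue for the same reason
   function ReturningFunction()
      if (game.PlaceId==12345) then
         return FunctionToExecute;
      else
         return OnError;
      end;
   end;
   setfenv(ReturningFunction,{});
end;
return ReturningFunction;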

The above method will deny anyone attempting to snoop into your environment any access, protecting your variables AND your Module. Additionally, if you happen to still need access to the “script” variable…

local script=script;
getfenv(0)['script']=nil;

Stores the “script” variable locally so you still have access, keeps the pesky trolls away.
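Added example, not code from the thread: a stand-alone Lua 5.1 check of the sandboxing idea above. It compares what getfenv exposes on the functions a module hands out with and without setfenv(f, {}), and shows the failure when a sandboxed function still looks up a global. The game table, SECRET_KEY and the helper names are constructed for the example; setfenv applies per function, so the check is run on every function the caller receives.

```lua
-- Lua 5.1 semantics (setfenv/getfenv); runs outside Roblox with a stub.
local game = { PlaceId = 12345 }   -- constructed stand-in for the Roblox global
SECRET_KEY = "module-global"       -- constructed global in the module's environment

-- Builds the module's entry function, optionally with emptied environments.
local function build(sandboxed)
   local error, game = error, game -- upvalues survive an empty environment
   local function api() return "You got me" end
   local function denied()
      error("The API you've requested is not available at this time.")
   end
   local function entry()
      if game.PlaceId == 12345 then return api end
      return denied
   end
   if sandboxed then
      -- Every function that can reach the caller needs its own setfenv.
      for _, f in ipairs({ api, denied, entry }) do setfenv(f, {}) end
   end
   return entry
end

-- Number of names visible through f's environment, plus the sample global.
local function visible_globals(f)
   local env, count = getfenv(f), 0
   for _ in pairs(env) do count = count + 1 end
   return count, env.SECRET_KEY
end

local plain, boxed = build(false), build(true)
local n, leaked = visible_globals(plain)
assert(n > 0 and leaked == "module-global")  -- unsandboxed: environment readable
for _, f in ipairs({ boxed, boxed() }) do    -- entry and the API it returns
   n, leaked = visible_globals(f)
   assert(n == 0 and leaked == nil)
end
assert(boxed()() == "You got me")            -- still works through upvalues

-- Failure mode: a global that was not localised first is nil after setfenv.
local function forgot_to_localize() return tostring(game.PlaceId) end
setfenv(forgot_to_localize, {})
local ok, err = pcall(forgot_to_localize)
assert(not ok and err:find("tostring"))
print("sandbox checks passed")
```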

Could secure module with a password. Js.