So in my game, i’m pretty limit about remote events especially client-to-server since, well, they’re very much exploitable, the only instances where i have to use FireServer() is from the tools and a simple single purchase event but those are mandatory, in fact there are like 200 FireClients() than 17 FireServer(), so is this a good practice or not?
The only thing u should care of is, when u fire to the Server u should secure it. Like if the Price for a Car is 100, u should check in the Server, if the Player has enough money, or if a player is inside a Table and a player cheats and send again a remoteEvent to insert a Player again to the table, u should check in the Server if the Player is in the Table, if you dont do these, yes your game is exploitable.
2 Likes
The number of times you specify the client to FireServer doesn’t change the risk of an event being exploited, as they’re able to spoof and fire an event whenever. Even if you have a RemoteEvent/RemoteFunction instance that the client isn’t referencing locally, an exploiter may fire garbage at it to see what happens. Don’t worry too much about creating hurdles like limiting when/where the client fires events, as that sounds like making additional work for yourself only. If the server is listening for an event, securing it will be enough.
2 Likes
Everything that can possibly be done on the server should be done on the server (unless of course, it is involving NetworkOwnership and you need to account for lag).
I personally, would go the other way, put as much as possible on the client, only using the server for sanity checks, as in verifying client actions, nearly everything should be done on the clients, with the server only storing the minimum amount of data needed. In doing this, the client can determine what should be visualized, instead of the server replicating information that might not even be relevant to some clients.
I have a big server-sided script that handles everything that is related to Character functions and touched events, do you think i should use a fireserver() and specify what part the player is touching as a parameter?
Maybe it’s a balance? The client would then need the server to see other clients, but this would be good for a single player game.