RemoteEvent Password Tutorial

Hello Developers!

~ RemoteEvents Password Tutorial ~

~~ [a password for events is needed so that attackers do not attack your game] ~~

example shown on GUI

~ Creating “BoolValue” and rename to “Status” ~
~ moving "Status’ to regular script ~

Regular Script:

local Debris = game:GetService("Debris") -- Debirs

script.Parent.MouseButton1Click:Connect(function() -- Click on button
	local remPass ="StringValue") -- passString
	remPass.Parent = script 
	local genPass = math.random(0,999999) -- password
	remPass.Name = genPass
	remPass.Value = game.ReplicatedStorage.AntiFire.Name -- Way To RemoteEvent
	Debris:AddItem(remPass,.5) -- timeDeletePassword
	script.Status.Value = true -- Status Activated
	task.wait(.1) -- using "local function" to remove the button cooldown
	script.Status.Value = false -- status Deactived

~ Local Script using for FireEvent ~


local Debris = game:GetService("Debris")

	if script.Parent.ActivatedScript.Status.Value == true then -- check status
		for i,v in script.Parent:GetDescendants() do -- search pass file
			if v.ClassName == "StringValue" and v.Value == game.ReplicatedStorage.AntiFire.Name then 
				local genPass = v.Name -- password to fire
				game.ReplicatedStorage.AntiFire:FireServer(genPass) -- the event will check the codecode


game.ReplicatedStorage.AntiFire.OnServerEvent:Connect(function(player, genPass)
	for i,v in player.PlayerGui.ScreenGui.TextButton:GetDescendants() do -- search pass file
		if v.ClassName == "StringValue" and v.Name == genPass then -- pass file
			-- Code



Will test this out in Studio and see if there are any vulnerabilities with this. Thanks for sharing this!

1 Like

There are vulnerabilities only if you look at the source code.
it will be very difficult to find a vulnerability through dex and simplespy!

This offers minimal protection as exploiters can easily access both the password and the data transmitted through remotes. If you want to safeguard against exploiters triggering your remote events, it is crucial to ensure the validity of each request on the server side.


a script does not see the server, it can’t be done.

Exploiters can easily bypass that, the only way to protect remote events is fake arguments or cooldown or serverside checking within the event.

An exploiter can use remotespy to check its arguments.

I am planning to make a module that will watch your remote events.
This method can easily fix the server crash exploit.

and since this is a tutorial it should be in #resources:community-tutorials


That’s right, module! I completely forgot about him

I made a normal anti-cheat for remotevents [Password]*

first off, passwords won’t add protection as exploiters can get it by a script, if it’s from the server, they can get to a client script that uses the remote and view the source, so it obviously won’t work

You can just remotespy to see the remoteevent password.

1 Like

no, it’s impossible, I’ve tried everything

nothing will help, just copy these scripts and add to your studio, and try to get the password, it’s impossible!.

the password from the button is transmitted through RemoteEvent, and the correct password is only in the module, when the player presses the button, only if the password is generated and transmitted to the module, it is impossible to get the password without pressing the button, because it is in the module

too annoying to use for everything important in your game, there are better strategies other than that.

give examples, I’m very interested. and I made this system for fun

just check on the server, you have just given an example for a case that would occur very rarely in fact

sorry, I confused this forum with another

This has to be one of the easiest password systems to bypass.

    local password = child.Name

Forgot to mention, when firing remotes faster than 0.1 seconds, packets will be dropped.
Also forgot to mention, make the instructions (and scripts) clearer.

1 Like

You’ve clearly tried nothing. If you actually need to implement a password system then you need to rethink your codebase. Obviously you are using a classic SetMoney:Fire(1091991991919) remote form the client :rofl: