Removing Support for Third Party Closed Source Modules

Plugins are very difficult to view the code of and audit unless you know what you are doing. Furthermore, plugins can use encryption, obfuscation or other methods to hide malicious code.

3 Likes

It’s clear that Roblox won’t keep Private Modules, so I’m just asking for them to delay the removal until we can get a functioning alternative that can help developers protect their IP and source, with methods like sandboxing or permissions.

This would be beneficial for everyone involved, malicious modules would go and developers who need to protect their code would still be protected.

I feel like Roblox should talk to developers and get their suggestions on how to move forward and create a great solution to Private Modules without harming people who use private modules to support their workflow.

7 Likes

I completely agree with this, but that doesn’t mean you remove the feature without providing a good alternative.

And it will keep happening even after this update. Tons of people will still be affected by it. Exploiters will just obfuscate their code.

Untrue, most admins aren’t open source. Most of the ones I’ve seen used in games are closed-source.

I do care about my customers, but, let’s be honest, if I open source, what is the likelihood I will receive even a quarter of what I did before?

3 Likes

I 100% agree. The reason I am most annoyed about this is that Roblox is making us wait up to a year for an official alternative.

5 Likes

You can find a plugin’s source by looking in file explorer, and there is not much a plugin can do without being noticed. Obfuscated code running in Studio is definitely not as dangerous as hidden code in a game.

1 Like

Obfuscated code is not as dangerous (and is easily spotted) as hidden code.

Adonis Admin, the most used admin, is completely open source.

The likelihood is quite high, as your competitors would stop selling due to the update.

1 Like

That isn’t the point. If my code is open source no one would pay for it because they can easily get it for free.

As I said, it is difficult to view the source of plugins. Most users don’t know…

  1. How to access the Roblox directory
  2. The methods of finding the right folder
  3. Importing the rbxm file into studio

Also,

  1. Security is on the developer’s part
  2. Most users still don’t know how to look for potentially malicious code.

This is technically correct but again, most users don’t know how to look for malicious code.

1 Like

Additionally, we’re not asking for private modules to be kept; we’re asking for Roblox to delay this change until we can get a viable replacement. This way, people who rely on them for an income won’t have negative effects.

Many people, myself included, have provided methods to improve modules and to make them better for everyone.

3 Likes

Yes, if it wasn’t clear before, I don’t want them kept, I just want a viable alternative before they are removed.

2 Likes

That is actually incorrect. Plugins can implement backdoors, not even having to be a private module. They can easily parent an admin script somewhere and boom. No private module used, but a backdoor was implemented.

4 Likes

A patch for irregular places to run scripts was sent out in this thread; however, plugins can still place scripts in regular places and developers may not notice them. This is why it is ultimately up to the developer to implement security and regular checking of backdoors and exploits, especially now that we have tools provided by other members of the DevForums (e.g., Chrisbru01’s Backdoor/Infection Detector).

However, that being said, most backdoors often use methods of obfuscation and directly require a private script module so that they can be updated constantly (whether it be allowing for more users to use the exploit if it includes a whitelist). Removing private modules is ultimately the most efficient way of removing all/most of the backdoors that games contain.
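The pattern described above (a script that calls `require` on an asset ID, often alongside obfuscation) can be searched for statically. The following Python is an added example, not code from any poster or from the detector mentioned; it assumes the place was saved in Studio's XML format (.rbxlx) with script text stored in a `Source` property, and the sample place, asset ID and check names are constructed.

```python
import re
import xml.etree.ElementTree as ET
# Heuristic markers only: a hit means "read this script", not "this is a backdoor".
CHECKS = {
    "require-by-asset-id": re.compile(r"\brequire\s*\(\s*(?:0x[0-9a-fA-F]+|\d+)\s*\)"),
    "getfenv": re.compile(r"\bgetfenv\s*\("),
    "loadstring": re.compile(r"\bloadstring\s*\("),
    "escaped-string": re.compile(r"(?:\\\d{1,3}){8,}"),  # long run of \ddd escapes
}
SCRIPT_CLASSES = {"Script", "LocalScript", "ModuleScript"}

def _prop(item, name):
    """Return the text of the named property of an <Item>, or ''."""
    for p in item.findall("Properties/*"):
        if p.get("name") == name:
            return p.text or ""
    return ""

def scan_place(xml_text):
    """Walk an XML place file and list (script path, check, matched text)."""
    findings = []
    def walk(item, parent):
        path = f"{parent}.{_prop(item, 'Name')}" if parent else _prop(item, "Name")
        if item.get("class") in SCRIPT_CLASSES:
            source = _prop(item, "Source")
            for label, rx in CHECKS.items():
                findings.extend((path, label, m.group(0)) for m in rx.finditer(source))
        for child in item.findall("Item"):
            walk(child, path)
    for top in ET.fromstring(xml_text).findall("Item"):
        walk(top, "")
    return findings

# Constructed sample place (asset ID and script names are made up).
SAMPLE_PLACE = r"""<roblox version="4">
 <Item class="Workspace"><Properties><string name="Name">Workspace</string></Properties>
  <Item class="Script"><Properties><string name="Name">Weld</string>
   <ProtectedString name="Source"><![CDATA[
local m = require(1234567890)
local env = getfenv()
local s = "\99\111\110\115\116\114\117\99\116\101\100"
]]></ProtectedString></Properties></Item>
  <Item class="ModuleScript"><Properties><string name="Name">Settings</string>
   <ProtectedString name="Source"><![CDATA[return { Prefix = ":" }]]></ProtectedString></Properties></Item>
 </Item>
</roblox>"""

if __name__ == "__main__":
    print(*scan_place(SAMPLE_PLACE), sep="\n")
```

Scripts inserted by a plugin into ordinary locations show up in the same walk, since every script item in the file is checked regardless of where it is parented.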

Then they should let us properly make paid modules we can sell.

1 Like

I disagree; the security of your places is on you, not Roblox. You’re dumb enough to get backdoored? Oh well. Solve the problem and don’t do the same thing again.

1 Like

Even though it is ultimately up to the developers to ensure the security of their game, those that don’t have experience in patching bugs will ultimately, at one point or another, end up sending Roblox a massive support email as to where they went wrong. In turn, Roblox gets tons of emails that could in general be avoided if private modules were removed and maybe even help speed up the speed of customer service replies.

1 Like

This update won’t change that. If you don’t have that experience, chances are, you can’t spot potentially malicious (obscured?) code.

Not only is this not relevant to anything I’ve said, but it’s another massive leap in logic. I’ve not implied anywhere that by open-sourcing modules the issue of misuse will be fixed. Of course, it won’t but it’s a step in the right direction for modules as a whole.

Your concerns with the number of people who utilise private modules are well-founded, I’m with you on that note. I do see how many people it’ll affect, but everyone has been given a fair warning and now it’s their time to form a solution. This reminds me very much of the ‘removal of loadstring’ posts a while back, it’s also those fringe groups (of which I’m part of) who are always against change.

However, about the updates at any time. I’m not too sure since I haven’t taken a look into how LinkedSource works at the moment (as in the past, the source was evaluated in Studio). But if it’s evaluated at runtime, simply having a ModuleScript with the LinkedSource of the module you want to use. Functionality will not change :man_shrugging:.

Re-think what you just said. :man_facepalming:

Okay, I’m not sure how much I should disclose but here’s a cool case study that is still running to this day.

A few years ago, a friend of mine published a public module purporting to do something interesting and it does exactly that. But by the nature of their obfuscation it’s practically impossible to tell what is going on, and what it actually does is send analytical information to their google analytics page.

At any moment in time, they can update this module to do whatever they want. I’m fairly sure Seranok will remember this module as it was discussed on the old forums but no one has yet figured out what it does.

By shutting off the private modules, Roblox removes a large majority of the backdoors that exist out there. Most of the backdoors are based upon private modules so most developers, no matter the experience they have with removing backdoors, won’t have to go through the pain of having to track down a backdoor.