ReplicatedStorage or ServerStorage?

BillB1ox · April 10, 2022, 1:47am

Greetings! I once heard that ReplicatedStorage actually loads some stuff on the Client, while ServerStorage doesn’t.

And since my race place (For whatever reason) runs better than the Lobby, I am wondering if I put everything that contains Parts into ServerStorage, and getting it with a RemoteFunction would be better than just getting it from ReplicatedStorage on the Client.

The 2 things I want to know are,

How this will affect security (Would this open my game up to some exploits at all? The Client would be able to see these models still no matter what I do)
If performance would improve

Thanks in advance!

Treik_Sam · April 10, 2022, 1:54am

ReplicatedStorage is seen by both server and client. This means that anyone with SynapseX can easily access anything in ReplicatedStorage and steal it.

ServerStorage is shown to server only so hackers have no access to it. Not only that but ServerStorage is useful in avoiding putting stress on clients, especially with large maps that may take up alot of space or data.

Currently for a project I’m working on I use ServerStorage for alot of clientscripts(given to players via server scripts), clothing items, weapon items, and just a whole lot of other stuff. Typically you’d want to try and keep majority of larger or sensitive items in ServerStorage

BillB1ox · April 10, 2022, 2:02am

Alright. For people with the SynapseX exploit, people could see the models I put in ServerStorage anyways. I want to load some stuff into ServerStorage rather than ReplicatedStorage to put less stress on the Clients. If I do use the RemoteFunction approach, would it open my game up to other exploits?

Treik_Sam · April 12, 2022, 12:18am

Yes and No. Basically any game you make has the potential to be hacked especially RemoteEvents or RemoteFunctions. The simple answer to fix this is just to add a bit of security to your scripts. So for example

Lets say we tie a script event to a remote that does damage on players. A great way to find hackers is by putting a limit on the damage like

if damage>=1000 then player:Kick("Using hacks") end

Of course you’d probably want to ban them but this would be the quick and easy solution.

Essentially make things that are impossible, illegal in your game

BillB1ox · April 12, 2022, 12:25am

Alright, thanks. Also, it is map info, for example, their name, their creator, and their image. Not Players damage.

also, they could do something like this lol

for i = 1, 1000 do
RemoteEvent:FireServer(1)
task.wait()
end

to get past the limit lol

Katrist · April 12, 2022, 12:46am

Which is why you can implement more security checks like adding a remote event debounce.

TortenSkjold · April 12, 2022, 2:39am

You shouldn’t worry about filling up your ReplicatedStorage with stuff. It won’t hit the performance the way you might think. The real problem is that if you have all of it in workspace at once.

Edit: Tagged wrong person, whoops.

You should NOT be afraid of your stuff getting stolen, if you place it in ReplicatedStorage over ServerStorage, because in the end, it will land in the hands of the client. (Weapons, maps, models) if you in any given time spawns it in, in for example workspace.

Ahtoh13131423144235 · April 13, 2022, 1:25pm

Everything was said for me on the ReplicatedStorage and ServerStorage part.
About RemoteFunctions, anything in ServerStorage does not replicate to the client, therefore you can’t use RemoteFunctions to send them.