This works so good, and because of the module, it really help for beginner.
Okay, but the server still has a key to unencrypt your .ROBLOSECURITY to login to the account on the Roblox side. Roblox doesn’t just accept encrypted cookies for a login, it has to be the actual cookie.
How can this be a secure system if the server knows what all .ROBLOSECURITYs are, again, in Plain Text?
1 Like
I think this is more for beginner who can’t use noblox js etc kinda thing, cause yeah it seems very easy to use.
Hey I think you have discord bot for this too right?
You can get servers nowadays for basically free. (and domains, with github pages)
No, you’re supposed to create it yourself.
Your missing the point of this project, making a roblox bot is not difficult, this is built to be as user-friendly as physically possible. We are talking about developers who want to quickly prototype ideas, who may have never coded in anything other than lua and now they are being told to get a server set up hosting… If someone told me that when I first started coding lua, I would have given up.
If you don’t like the way it works don’t use it, there are a multitude of alternatives, even ranging from writing your own from the ground up. Not to mention you should always work on the least permissions required, the bot should be no higher than it needs to be, only have permissions to say change rank, (not exile etc…) and shouldn’t have any robux or edit access to games.
Basically, if you want to make your bot and host it you can and there are millions of tutorials on that, you can even repurpose the API wrapper to fit around you own API.
the server encrypts the cookie and store inside the database and only unencrypt it when needed and it never store your cookie in plain text
and please read about SSL before claiming that the website is sending cookies tot he server over plain text.
Out of curiosity are people opting to use the module or write there own API wrappers?
1 Like
I know how SSL works. Try to not be aggressive when you are in forum.
The cookie is sent over the server unencrypted, then stored as an encrypted key. The owner of the site has the key to the cookies.
In a secure system, the cookie is sent over as salt hash, which is then encrypted. This allows the server to compare salts, instead of plaintext to verify data, so it never needs knowledge of the original data.
In this system, however, the owner of the website needs to be able to actually use the cookie AS IS. This implies that they have full access to the cookie, and can access its “plain text” version at any point, despite being “encrypted”.
The reason the cookie needs to be used AS IS, is because they need to make API requests on your accounts behalf through Roblox. They can’t do this with an encrypted cookie, since it needs to be the actual thing.
sorry i wasnt trying to be agrressive sorry if I was aggressive to u
another way is user put in their roblosecurity and a encryption key then the server will use the encryption key provided by user to encrypt the cookie and store inside the database
when sending request to the API just provide the key to decrypt so the server can use it to decrypt the cookie without the owner having full access to every cookie
also don’t log the encryption key
since its also open source so we can trust it