Secret/ Hidden scripts

Hello, all! My name is Titanic, and I’m starting up a small tech company on Roblox. We are trying to create a closed system that allowes specific players to use scripts, and such. Think of how private modules work. We were thinking it would be easiest to use a website to get the code from. But there’s a problem with this. Users can see that website in the script, and then view the code we are trying to hide. As I, nor my team are experienced in html, or anything other than lua… We would like to know, how we can stop players from viewing code on the website, while allowing Roblox servers/ games to.

There is no way, I’m afraid, other than obfuscating your code, which still isn’t fool-proof.

IIRC in real life this is usually protected through a contract. I don’t think Roblox would be too happy if you started doing that too.

There is no way to hide scripts, and for a good reason. It allows malicious developers to write malicious code to do malicious things.

If you are truly worried about the hypothetical scenario of someone stealing your code, you can look into licensing.

Embrace the open-source movement.

Edit: Obfuscation won’t help because the code is still there

Why would you need Hidden Scripts, don’t all your developers have to see them?
Muwls

I would recommend you bring this to the Platform Feedback Forums and post about how it is hard to allow only specific users access to scripts while not allowing others to not be able to use the published script.

It would be cool to see a type of published script where you can add or remove access to certain players, or even sell the scripts!

Best of luck!

I think you can use the forums and reach out to big developers to see if they got any advice for you for secret/hidden scripts!

What you would have to use are http requests. Send messages to your server from the Roblox game, and act on the result the server sends back after processing it through your hidden code.

The link would have to be exposed in the source code, so this won’t work.

No, you have to run the processing in the backend with PHP, C#, Python or one of the other backend languages.

It’s too much work just for the sake of hiding your code though.

And you need to return the source code back to the script anyway so there can be something to execute.

Well, it’s just an idea. There must be some way just to return a result back, rather than the entire code.

If we’re going this route, then maybe public/private key cryptography? And then have a script that decodes the script.

Sounds good! Go for it! I don’t think it’s worth it though.

And I am respectfully telling you it won’t work because of that reasoning.

Licensing would work a bit better. It will scare malicious users away, and if it doesn’t and you catch them distributing your code without your consent you can start off with a “cease and desist” letter. If that doesn’t work you can take it a step further.

It’s just a matter of malicious users reading the decoded version.

@OP: Here is another question: is the product paid? @titaniclover201

I can agree with this. As @Frenchtoast0 said also though, I believe the better idea here is to go for licensing. Cryptography is very likely unhelpful in this situation, and is more complicated than it needs to be in order to do this “correctly.”

@titaniclover201 I omitted my answer because it was too crazily complex and not worth it. Basically, it’s impossible on Roblox. I would suggest using Roblox to learn, but if you are making a full on company, try a different game engine that’s more secure, such as Unity.

If you want only allow specific people to access data you need to create a private API that links to some sort of database such as mySQL, MongoDB or etc. that stores the scripts. In order to access the data you can just do a GET request including the api-key in the Headers.

Here’s how you can do a GET request with headers through Roblox API:
https://developer.roblox.com/en-us/api-reference/function/HttpService/RequestAsync

I recommend using Express.js for the web framework and Mongodb/Mongoose for the database since they are a bunch of tutorials online on how to set that up, but any kind of backend web stack should be able to work.