Using a repeat loop with wait in the script to find the “Security” RemoteFunction was a deliberate choice. While we could have used :WaitForChild() for a quicker wait, we decided on the repeat loop to make sure the client consistently checks for the RemoteFunction’s existence. This way, even if the RemoteFunction’s name changes or it’s created later, the client script won’t miss it. It’s about being adaptable to changes in the server’s setup.
Now, about creating the RemoteFunction dynamically with Instance.new(), you’re right that :WaitForChild() is usually recommended to avoid latency issues. However, in this specific script, our main concern was ensuring that the client keeps searching for the RemoteFunction. While latency is important, maintaining a reliable reference to the RemoteFunction was crucial in this situation.
You’ve raised a valid point regarding potential exploiters trying to mess with client-side code and using tools like “RemoteSpy” to intercept secret keys. It’s important to note that this script isn’t a complete anti-exploit solution. It acts as a foundational layer of defense. To enhance security, we’d need additional layers of protection and obfuscation to make it harder for exploiters to manipulate the system.
You might be confused, since I’m not American and my native language is not English, I use DeepL to communicate or to correct any grammatical mistakes I make from time to time.
And yes, I know RemoteSpy, but as I said 3 times here, the script I sent you is just a starting point.
Thank you for sharing your expertise. While this script isn’t foolproof, it’s a starting point for those looking to enhance security.
I took a look at your thread, see if you are now satisfied:
LocalScript:
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local remoteFunction
repeat
remoteFunction = ReplicatedStorage:FindFirstChild("Security")
wait(0.7)
until remoteFunction
local inputCode = "code1"
local checkInterval = 5
spawn(function()
while true do
wait(checkInterval)
local success, result = pcall(function()
return remoteFunction:InvokeServer(inputCode)
end)
if success then
if type(result) == "string" and result == "code2" then
print("Received code2 from the server.")
end
end
end
end)
Script 2 (Server):
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local remoteFunction = Instance.new("RemoteFunction")
remoteFunction.Name = "Security"
remoteFunction.Parent = ReplicatedStorage
local secretCode = "code1"
local playerRequestTimes = {}
local maxRequestInterval = 5
remoteFunction.OnServerInvoke = function(player, inputCode)
local currentTime = tick()
local lastRequestTime = playerRequestTimes[player]
if lastRequestTime and (currentTime - lastRequestTime) < maxRequestInterval then
return false
end
playerRequestTimes[player] = currentTime
if type(inputCode) == "string" and inputCode == secretCode then
return "code2"
else
return false
end
end
What you could do though is use encryption (ex AES-CBC) and StepNumbers, that would be the very least in terms of security,
But if you want to take it a step further, make a client anticheat in addition to your server one and add Anti HookMetaMethod, Overflow Checks, and even CoreGui checks which are all easy to make (from my perspective)
Here you are misleading new developers by using ChatGPT to get easy likes, however what you are actually doing is making yourself look inexperienced and making other’s game security weaker and easier to attack for exploiters.
I was talking about handshakes, + you are still not using :WaitForChild and you are still not using the task library which is way more optimized than spawn and wait.
This is an unoptimized method, please use :WaitForChild when possible as it is written in C++ (not lua) and is essentially the same thing as you are doing, except it will be way faster.
This will never work because the client can see all code so the client can see the “Secret Code”, the only way to establish secure connections between the server and client is to make a algorithm that is not the same on the client and server which will get the same awnser defining the server as the server, i don’t know exactly how works so this might be all wrong however it is the basics. It is however pointless
I remember making something like this when I was new to programming in 2018. It certainly doesn’t prevent exploiters, because they can always just intercept the code with their own substitute script in place of the clientside script you expect the user to have, but it is a fun starting place to learn from.
The most you could say about these types of systems is that it makes it a little more difficult for exploiters to mess with your game. Certainly the vast majority of exploiters wouldn’t even know where to start, but the problem is that it takes only one smart person to make the counter-counter-exploit and then all the newbie hackers can just use that one.
While the criticism in these replies can be uncharitable and discouraging, I agree that this does not belong under #resources:community-resources only because it could lead less experienced developers to using a tool which does not work as advertised. Perhaps #help-and-feedback:creations-feedback could be an appropriate place for more balanced feedback.
The only way to stop exploiters effectively is by making no client to server communication where the client makes the server believe something the client says is true
I don’t believe I’m a great programmer. I’ve been programming in Luau for just under a year. When I sent this, I really envisioned (and still do) that this is better than simply leaving the scripts completely unprotected. That’s why I said:
Of course, this is just one approach.
But anyway, no one seemed to understand that it was just an attempt to improve script security. The world needs people like you, and thank you for the suggestion. If I create another script like this, I can post it in #help-and-feedback:creations-feedback.
this idea of “security” codes will never work for two reasons
exploiters have remote spy and see the arguments passed in
exploiters can just view local script’s source and see the key right there (and no you cant get the key from the server through a remote event, that goes back to reason 1)
instead of trying to secure on the client side, you have to do it on the server side
for example if you want something to happen to an instance, make sure that instance exists on the server and the player is allowed to make that change
if you have admin commands, check permissions on the server
add sanity checks (double checking things are all good on the server before executing any code that will modify the game)
(these are very basic because it will take a long time to write everything out)
Dude I can’t comment much on the module cause I barely use RemoteFunctions but keep your head up bro, you gotta fail before you can succeed; its how winning is done