I’m too proud to say I was wrong
Every day is good for learning something new lol
2 Likes
I don’t remember where I’ve seen it. But I do know it is true.
It’s likely stated in the Luau docs as well.
This will never work because the client can see all code so the client can see the “Secret Code”, the only way to establish secure connections between the server and client is to make a algorithm that is not the same on the client and server which will get the same awnser defining the server as the server, i don’t know exactly how works so this might be all wrong however it is the basics. It is however pointless
2 Likes
I remember making something like this when I was new to programming in 2018. It certainly doesn’t prevent exploiters, because they can always just intercept the code with their own substitute script in place of the clientside script you expect the user to have, but it is a fun starting place to learn from.
The most you could say about these types of systems is that it makes it a little more difficult for exploiters to mess with your game. Certainly the vast majority of exploiters wouldn’t even know where to start, but the problem is that it takes only one smart person to make the counter-counter-exploit and then all the newbie hackers can just use that one.
While the criticism in these replies can be uncharitable and discouraging, I agree that this does not belong under #resources:community-resources only because it could lead less experienced developers to using a tool which does not work as advertised. Perhaps #help-and-feedback:creations-feedback could be an appropriate place for more balanced feedback.
The only way to stop exploiters effectively is by making no client to server communication where the client makes the server believe something the client says is true
I don’t believe I’m a great programmer. I’ve been programming in Luau for just under a year. When I sent this, I really envisioned (and still do) that this is better than simply leaving the scripts completely unprotected. That’s why I said:
Of course, this is just one approach.
But anyway, no one seemed to understand that it was just an attempt to improve script security. The world needs people like you, and thank you for the suggestion. If I create another script like this, I can post it in #help-and-feedback:creations-feedback.
this idea of “security” codes will never work for two reasons
- exploiters have remote spy and see the arguments passed in
- exploiters can just view local script’s source and see the key right there (and no you cant get the key from the server through a remote event, that goes back to reason 1)
instead of trying to secure on the client side, you have to do it on the server side
for example if you want something to happen to an instance, make sure that instance exists on the server and the player is allowed to make that change
if you have admin commands, check permissions on the server
add sanity checks (double checking things are all good on the server before executing any code that will modify the game)
(these are very basic because it will take a long time to write everything out)
1 Like
Dude I can’t comment much on the module cause I barely use RemoteFunctions but keep your head up bro, you gotta fail before you can succeed; its how winning is done
You dropped this king 
2 Likes