If there is an event that I check when it happens and I have to check it on the Client Side, and the action that will happen following the event will happen on the Server Side, how can I ensure that Cheaters will not fire the Remote Event with the information they want?
You would need to add sanity checks in the Server Side code, to ensure the data being sent is valid.
If the player wants to buy some item, the server should have the amount of money the player has, along with the cost of the item, and do its calculation from the Server’s information, not whatever the client sends in.
If the player needs to be within a certain distance of some object, you should check the distance between the player’s character and the object.
If cheaters want to, they will fire RemoteEvents with false/invalid information, that’s why you have to check on the server whether the information is valid or not.
There’s more information on how you can prevent cheaters in the documentation HERE.
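The server-side checks described in the reply above (parameter type, price and balance read from the server, distance to the object), as an added Luau example that is not part of the original posts. The `BuyItem` RemoteEvent, the `ShopCounter` part, the `Coins` leaderstat and the `ITEMS` table are assumed names.

```lua
-- Server Script (for example in ServerScriptService).
-- Assumed for this example: a RemoteEvent "BuyItem" in ReplicatedStorage,
-- a part "ShopCounter" in Workspace, and an IntValue leaderstats.Coins.
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local Workspace = game:GetService("Workspace")

local buyItem = ReplicatedStorage:WaitForChild("BuyItem")
local shopCounter = Workspace:WaitForChild("ShopCounter")

-- Prices live on the server only; the client never sends a price.
local ITEMS = { Sword = 100, Shield = 250 }
local MAX_SHOP_DISTANCE = 15 -- studs

-- Returns true, price, coins only if every server-side check passes.
local function canBuy(player, itemName)
	-- 1. Parameter check: the client can send any type, or nothing at all.
	if typeof(itemName) ~= "string" then
		return false
	end
	local price = ITEMS[itemName]
	if price == nil then
		return false -- unknown item name
	end

	-- 2. Distance check between the player's character and the object.
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	if not root then
		return false
	end
	if (root.Position - shopCounter.Position).Magnitude > MAX_SHOP_DISTANCE then
		return false
	end

	-- 3. Money check against the balance stored on the server.
	local stats = player:FindFirstChild("leaderstats")
	local coins = stats and stats:FindFirstChild("Coins")
	if not coins or coins.Value < price then
		return false
	end
	return true, price, coins
end

buyItem.OnServerEvent:Connect(function(player, itemName)
	local ok, price, coins = canBuy(player, itemName)
	if not ok then
		return -- invalid request: change nothing
	end
	coins.Value -= price
	-- grant the item to the player here
end)
```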
As stated by Tyler,
yeah you need checks on the server. The same will also apply to RemoteFunctions too. Your 2-way communication should be always from client to server, not server to client (Check RemoteFunctions doc.). An exploiter may also fire wrong params so be sure to check the params too!
For example: Don’t fire RemoteFunctions through the server to client, that's dangerous in every possible way:
- An exploiter can put `task.wait(math.huge)` and the return callback on the server will hang forever.
- An exploiter can pull off-chart information not safe for the server and any internal systems.
hope you understand this and how remote communication works with Cheaters
here are the possible options that you can do to make remotes more secure
- dynamic remote key
  example:
  → client sends server a key
  → server checks if key is correct, if so continue, if not correct then kick
- constantly changing name of remotes so exploiters can't just do something like ReplicatedStorage.RemoteName:FireServer()
- validating data and data types on server and adding server checks to make sure exploiters can't abuse
you can just check on server if client is not responding to the server
Yeah but still,
why waste memory on this just making a coroutine or whatever? Just use events