Secure tool type check

ArtFoundation · June 5, 2020, 11:17pm

What’s the best way to do secure tool type checking?

Basically, you call the server to check that the player is actually using the tool they state they are and that it is not a different tool or a tool they don’t have.

I want to make sure a player using a pistol doesn’t trick the server into thinking they’re using a sniper rifle even if they have it.

This has to be server-sided and safely done from the client.

(I have no code because this is a question to ask how to create such code but not requesting the system itself coded)

sjr04 · June 5, 2020, 11:18pm

How is this structured? Are you passing the tool they are using to the server? For what reason?

ArtFoundation · June 5, 2020, 11:27pm

So, they will raycast from the client-side and send a signal to the server to deal damage and etc to a target humanoid.

The server will check from a list of gun statistics and etc to facilitate fire rate beforehand when the player is going to prompt shooting through a RemoteFunction and get the maximum distance a bullet can travel after a shot.

Then, it fires a ray from the player’s character towards the other humanoid with a bit of leeway (5 studs maybe?) since the gun tool isn’t directly at the center of the player’s character to check if the distance is correct.

Not sure what you mean by reason but I am just trying to secure the overall process of the player doing what their gun is supposed to do correctly. I also would check if the player has a Tool in their character first before any of the checks in case they are falsely trying to “shoot another humanoid”.

ClientRecon · June 6, 2020, 4:27am

I guess you could try to see if theyre holding the tool

YourEvent.OnServerEvent:Connect(function(plr)
   if plr.Character:FindFirstChild("Glock") then --check if player is holding a glock
       print("glock used")

ArtFoundation · June 6, 2020, 4:37am

Name property can be exploited. I need something that is impossible to exploit?

ClientRecon · June 6, 2020, 4:38am

Exploiters can just do everything client side right?
Changing the tool name throught the client wont replicate through the server

ArtFoundation · June 6, 2020, 4:40am

What about when it’s equipped on their character? Anything done in the character is replicated to server.

ClientRecon · June 6, 2020, 4:44am

Why would they be even able to equip it in the first place? Do you store them in the ServerStorage? Or you meant that they can place the Sniper from theyre backpack into theyre character in this case you should have a system that checks the character to see if they have 2 tools at the same time and if they do then kick them

emperormicah · June 6, 2020, 4:45am

This isn’t true. Mainly physics and animations are replicated, names of objects and stats like health aren’t.

ArtFoundation · June 6, 2020, 4:50am

So it’s safe to use .Name on any tool found on them then?

emperormicah · June 6, 2020, 4:52am

Yes. Read this article: Client-Server Runtime | Documentation - Roblox Creator Hub
The “exceptions” section will tell you what replicates from the client to the server; everything else doesn’t.