Securing a BoolValue that is accessed by a LocalScript

Hi everyone!
I am trying to make a spawner and the way I’ve made it work is by using BoolValues located inside ReplicatedStorage. e.g. If BoolValue == true then let player spawn x item.

Problem is, you can just set the BoolValue to true on the client and it will show up in my list of things the player can spawn. What is the best way to go about making it so that the client can’t modify it etc? I would also be open to other methods on how to check if a player owns a certain item or not. BoolValues is just the only thing I can honestly think of.

Here are the scripts and everything else for context:

LocalScript (Script inside Gui)

function getBoats(player)
	
	local plr = tostring(Players.LocalPlayer)
	
	for _, boats in pairs(ReplicatedStorage.Players[plr].Boats:GetChildren()) do
		
		if boats.Value == true then
			local button = script.ImageButton:Clone()
			button.Parent = script.Parent
			button.Name = boats.Name
			button.TextLabel.Text = boats.Name

ServerScript (Script creating the folder structure)

Players.PlayerAdded:Connect(function(player)
	
	local rs = Instance.new("Folder")
	rs.Parent = ReplicatedStorage
	rs.Name = "Players"
	
	local rsp = Instance.new("Folder")
	rsp.Parent = rs
	rsp.Name = player.Name
		
	local rsb = Instance.new("Folder")
	folder.Parent = rsp
	folder.Name = "Boats"
	
	local boat = ReplicatedStorage.Boats:GetChildren()
	for _,boats in pairs(boat) do
		local value = Instance.new("BoolValue")
		value.Name = boats.Name
		value.Parent = rsb
	end
end)

Folder structure
image

Thank you for any help! :slight_smile:

The only way to fully secure this is do everything involving setting the value on the server.
It’s easier to just do that instead of making it as secure as possible on the client, because there’s always somewhere you’ll miss trying to secure it on the client.

How would you go about doing this? I thought about moving all the BoolValues to ServerStorage but then I realised my LocalScript wouldn’t be able to see the values at all. Script-wise, all things modifying the value of a BoolValue is done server-side, however an exploiter can just open dex and set the BoolValue to true manually themselves.

I can’t really think of a way to make my LocalScript check if the player actually purchased an item or if they just set the BoolValue to true themselves without buying anything.

Sorry my brain stopped working with my first reply, when setting it must be done on the server, but when checking the value, if you want to do it from the client then you could use a remote function call to the server that sends back the actual value of it. That or just check from the server to begin with if you wanna convert your localscripts to server scripts

1 Like

Can’t believe I didn’t think of this. Works a treat, thank you! (Used a remotefunction to return the BoolValue from the server) :+1:

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.