I found that even though parts created through local scripts don’t exist on server-side, that doesn’t stop players from physically interacting with those parts anyway.
Since I did all of this through a local script, I’m thinking that exploiters can do the same. Since I’m making a platforming game, I think designing levels in such a way that the solution can’t be accessed using spawned in parts would severely limit the creativity I can put into the solution. I also think adding checks for each level would be tedious and prone to raising false positives. So what can I check for to see if there are unacceptably spawned in parts? Can exploiters even do this?
Exploiters can exploit all things that are on the client, even things that were created on the server (ofc that assumes that the object is in a place the client can access, and this also won’t affect the server as it’s only on the client).
Overall I don’t think it’s worth trying to stop this much, as they will find a way around it every time you find a solution, so unless you’re like giving away something really valuable or exploiters would ruin everything, I wouldn’t worry about it.
That and exploiters could just teleport to the end of the game. So at that point I’m not sure if it’s worth it for this kind of game.
Now if you still really want to secure it as much as you can, some details might help, for instance why are you creating that part on the client? What is it going to be for? etc.
If your exploit concerns can be detected from the server, then I would suggest using a server-side based anti-cheat system, similar to the one in my profile unless you want to create your own system.
The image I posted is just a proof of concept. I’m not actually going to be creating anything using local scripts. I’m just concerned about the extent of what exploiters can do. In this case, can they create their own parts? Or, as you’ve mentioned, are they limited to manipulating the parts that I place in workspace?
I don’t think I can detect parts that don’t exist on the server. Right?
It won’t matter. If your concerns are the basic (4): speed cheating, flying, teleporting, jumping, then all of those can be detected from the server. Anything else client related will require the server to do its own sanity checks, so players are not firing events they aren’t supposed to from the client, etc.
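
The server-side movement check the last reply refers to, as an added example that is not part of the thread or any poster's code: a server Script that compares each character's horizontal travel per frame against the server's own `WalkSpeed` value and snaps the character back after repeated violations. The server cannot see client-created parts, only the movement that results. `TOLERANCE`, `STRIKES_TO_CORRECT` and the `tracked` table are assumed names and values, and the sketch assumes the game has no legitimate server teleports, knockback or speed pads (those would need to reset `lastPos`).

```lua
-- Server Script (e.g. in ServerScriptService). Added example; thresholds are assumptions.
local Players = game:GetService("Players")
local RunService = game:GetService("RunService")

local TOLERANCE = 1.5        -- assumed slack for latency and physics jitter
local STRIKES_TO_CORRECT = 3 -- assumed: consecutive violating frames before acting

local tracked = {} -- [Player] = { root, humanoid, lastPos, strikes }

Players.PlayerAdded:Connect(function(player)
	player.CharacterAdded:Connect(function(character)
		local root = character:WaitForChild("HumanoidRootPart")
		local humanoid = character:WaitForChild("Humanoid")
		-- Start tracking from the spawn position the server itself chose.
		tracked[player] = { root = root, humanoid = humanoid, lastPos = root.Position, strikes = 0 }
	end)
end)

Players.PlayerRemoving:Connect(function(player)
	tracked[player] = nil
end)

RunService.Heartbeat:Connect(function(dt)
	for _, state in pairs(tracked) do
		local root = state.root
		if root.Parent then
			local delta = root.Position - state.lastPos
			-- Horizontal distance only; jumping and falling are not judged here.
			local horizontal = Vector3.new(delta.X, 0, delta.Z).Magnitude
			-- WalkSpeed is read on the server, so a client-side change to it is ignored.
			local allowed = state.humanoid.WalkSpeed * TOLERANCE * dt
			if horizontal > allowed then
				state.strikes += 1
				if state.strikes >= STRIKES_TO_CORRECT then
					-- Rubber-band to the last position the server accepted.
					root.CFrame = CFrame.new(state.lastPos)
					state.strikes = 0
				end
			else
				state.strikes = 0
				state.lastPos = root.Position
			end
		end
	end
end)
```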