Security Code issue

Obj_ective · July 2, 2020, 4:56am

I have remote event security.
It will be communicating by security code.
The client, is printing nil after doing FireServer() on the remote.
However, when printing the security code after generating it, it does not print nil surprisingly.

It’s as if there is a delay.
Any suggestions or solutions to this issue?
C stands for client.
S stands for Server.

megatank58 · July 2, 2020, 4:57am

Can you show the part where you’re firing it and give bit more info?

sjr04 · July 2, 2020, 4:57am

I think you should show a bit of code. And that is not security. That is security through obscurity

Obj_ective · July 2, 2020, 4:58am

Local script.

local sc = game.ReplicatedStorage.PlayerCodeEnabled.GetPlayerCode:FireServer()
print(sc)

Obj_ective · July 2, 2020, 4:59am

The server is using a module to generate a security code.
Length is 100.

sjr04 · July 2, 2020, 4:59am

RemoteEvent:FireServer does not return anything. Did you meant to use a RemoteFunction and use RemoteFunction:InvokeServer instead? Either way I recommend an authoritative server rather than sending an obfuscated key.

megatank58 · July 2, 2020, 4:59am

You are printing The Remote event path which is it’s connection you use it as

You should use RemoteFunction if you want to return values

bt5191 · July 2, 2020, 5:01am

To get data from a remote you must use RemoteFunctions and invoke them.
SAMPLE

-- client
local rf = game.ReplicatedStorage.RemoteFunction
local key = rf:InvokeServer()

-- server
local rf = game.ReplicatedStorage.RemoteFunction
rf.OnServerInvoke = function()
     return -- whatever
end

By the way, I’m pretty sure exploiters would just extract the key with __namecall if need be so there’s no security in doing this.

Obj_ective · July 2, 2020, 5:02am

Yes, I know how to use remotefunctions already, don’t need to have a sample, but thanks.
But thats the thing, it will return modules to the local scripts and if the remote functions or remote events or whatever is fired more than once, the player gets banned.

bt5191 · July 2, 2020, 5:04am

__namecall can be used by exploiters to catch the key when the server returns it anyway. They don’t need to invoke the server to get a key, they can literally track the key through metatables. If you want true security, secure your remotes on the server-side where exploiters have no control over. In any case, the reason why your thing is printing nil is because remoteevents can’t return data.

Obj_ective · July 2, 2020, 5:05am

I have just explained this.

It will return modules to the local script to use only once.
After recieving, there’s no need to fire the remote again.
So if it’s fired again, the player will get banned because it’s being fired more than once.
Unless they auto-execute on the game join, they cant track it.

sjr04 · July 2, 2020, 5:06am

Then there is no point in “passwording” your remotes if the remote will only ever be used once

bt5191 · July 2, 2020, 5:07am

__namecall does not involve refiring the remote. It involves tampering with the remote on the client side and effectively allows exploits to collect data sent through it without firing the remote again. Again, you’re wasting your time doing this but again, responding to your issue, it’s because you are using a RemoteEvent. If you need more clarification on what I’m saying, pm me.

edit:

reply: Glad I could help. : )

Obj_ective · July 2, 2020, 5:11am

Thank you for the solution.
I should have not put suggestions in this post.
30 characterssssssss.