Security Issues with Part.Touched and RemoteEvents

Oswaulde · June 4, 2020, 12:24am

Hello everybody!
I have a concern regarding the security of my door system as it stands. Currently, how I plan to remake my door system is when a tool hits a part and the part happens to be my keycard reader, the server accepts it and it fires a remoteevent to the client which is performed with RemoteEvent:FireAllClients.

My main concern is regarding the security of my script, and whether exploiters will be able to grab a tool and open the door without a proper clearance to do so. How will I verify that the player has authorization to use the keycard to prevent people from using the keycard to open doors where they shouldn’t.

This is the Server Script of my old script, if you’d like to refer to it:

local Doors = script.Parent
local DoorA = Doors:WaitForChild("DoorA")
local DoorB= Doors:WaitForChild("DoorB")
local TweenService = game:GetService("TweenService")
local debounce = false
local status = false
local granted = Instance.new("Sound",DoorA)
granted.SoundId = "rbxassetid://200888468"
local opensound = Instance.new("Sound",DoorA)
opensound.SoundId = "rbxassetid://251885495"
local closesound= Instance.new("Sound",DoorA)
closesound.SoundId = "rbxassetid://257841640"

script.Parent.Model1.KeyCardRead.Touched:Connect(function(t)
    if t.Name == "Handle" and t.Parent.Name == "Keycard" then
        if not debounce then
          debounce = true
		script.Parent.Model1.Light.BrickColor = BrickColor.Green()
		  granted:Play()
		  wait(1)
          if status then
              closesound:Play()
          else
              opensound:Play()
          end
          --script.Parent.Sounds.AccessGranted:Play()
          --script.Parent.Sounds.DoorOpen:Play()
          TweenService:Create(DoorA.PrimaryPart,TweenInfo.new(1.5),{CFrame=DoorA.PrimaryPart.CFrame*CFrame.new(0,0,status and 2.5 or -2.5)}):Play()
          TweenService:Create(DoorB.PrimaryPart,TweenInfo.new(1.5),{CFrame=DoorB.PrimaryPart.CFrame*CFrame.new(0,0,status and -2.5 or 2.5)}):Play()
          print("Door Moved")
          wait(2)
          status = not status
          debounce = false
script.Parent.Model1.Light.BrickColor = BrickColor.new("Really red")
        end
    end
end)

script.Parent.Model2.KeyCardRead.Touched:Connect(function(t)
    if t.Name == "Handle" and t.Parent.Name == "Keycard" then
        if not debounce then
          debounce = true
script.Parent.Model2.Light.BrickColor = BrickColor.Green()
		  granted:Play()
		  wait(1)
          if status then
              closesound:Play()
          else
              opensound:Play()
          end
          --script.Parent.Sounds.AccessGranted:Play()
          --script.Parent.Sounds.DoorOpen:Play()
          TweenService:Create(DoorA.PrimaryPart,TweenInfo.new(1.5),{CFrame=DoorA.PrimaryPart.CFrame*CFrame.new(0,0,status and 2.5 or -2.5)}):Play()
          TweenService:Create(DoorB.PrimaryPart,TweenInfo.new(1.5),{CFrame=DoorB.PrimaryPart.CFrame*CFrame.new(0,0,status and -2.5 or 2.5)}):Play()
          print("Door Moved")
          wait(2)
          status = not status
          debounce = false
script.Parent.Model2.Light.BrickColor = BrickColor.new("Really red")
        end
    end
end)

KjRBLX · June 4, 2020, 12:31am

Just setup a clearance level. Add like a NumberValue to the keycard, and set the number when you give them a key. Add in to the script door script “and t.Parent.ClearanceLevel.Value == ClearanceLevel”

or >= clearance level.

Sharksie · June 4, 2020, 12:33am

You have conditions for giving the player the card in the first place, right? Use those same conditions.

UltraSkiMask · June 4, 2020, 12:34am

Don’t check on the client at all, just check if the door touches the card on the server. : P

EDIT: Didn’t read the whole post, give me a second.

Oswaulde · June 4, 2020, 12:35am

The issue with this is that there will be exceptions outside of regular conditions. E.g. a riot for example would be an irregular form of a condition where someone may have a clearance when they shouldn’t which is allowed.

Oswaulde · June 4, 2020, 12:37am

I think you are misunderstanding. There will be several cards depending on the player’s clearance in the group. I don’t think a NumberValue would be necessary.

Sharksie · June 4, 2020, 12:38am

Sounds like your best solution then is to just check if they have the keycard in their inventory. Unless you have some structured system for giving them the tool.

K_reex · June 4, 2020, 12:40am

Perhaps you can keep track of who actually is supposed to have a key card on the server.

i.e. have a ModuleScript on the server that is used to keep track of users who are supposed to actually have been given a key card, and check whether or not they’re in the list when they try to use the card.

Oswaulde · June 4, 2020, 12:46am

That is a very good point actually. I think the best option is to verify whether the player is on the correct team to have the keycard but could perhaps during riots could check if the player was granted or not to have a keycard. Thank you for your help.

Oswaulde · June 4, 2020, 12:48am

Thank you for your response. I think making a ModuleScript would be smart to avoid denying people the right to use keycards during riots or other irregular circumstances.