Sending Sensitive Data to the Client

  1. What do you want to achieve? Keep it simple and clear!
    I am making a game where you basically guess a player's password (NOT A REAL ROBLOX PASSWORD, A RANDOM ONE MADE UP IN THE GAME) for rewards. My issue is with the minigame in which you guess said password. There is a UI that allows you to guess it, but the problem is that one of the TextLabels needs to have the player's real password in it.
  2. What is the issue? Include screenshots / videos if possible!
    The problem is, I am sending sensitive data (the player's session password) to the client, but I want to know if there is any other way to do it without sending the information to the client.
  3. What solutions have you tried so far? Did you look for solutions on the Developer Hub?
    I tried to set the player's GUI through the server but that did not work.
function SendPasswords(profile, player, realpassword)
	if not profile then
		print("No Profile")
		return
	end	
	
	if not player then 
		print("No Player")
		return
	end
	
	if not realpassword then
		print("No Real Password")
		return
	end

	local fakepasswords = passwordGenerator(realpassword, profile)
	
	ShowPassword:FireClient(player, fakepasswords)
end

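-- In a different function
-- OnServerEvent always passes the player who fired the event as its first argument
GetPasswords.OnServerEvent:Connect(function(player, PlayerToHackName)
	-- Never trust client input: make sure a string was actually sent
	if typeof(PlayerToHackName) ~= "string" then
		return
	end
	local PlayerToHack = Players:FindFirstChild(PlayerToHackName)
	SendPasswords(profile, PlayerToHack, profile.Data.SessionPassword)
end)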
4 Likes

I cannot express the degree to which I believe this game idea is a poor one. The terms of service are crying by this post’s mere existence.

6 Likes

Are games like this against tos? It’s not their actual roblox password. It’s a randomly made up one assigned to a player.

1 Like

That was sadly not made abundant in the post when you said this:

2 Likes

oh lol let me fix that really quickly

2 Likes

Do you know of any fixes to my problem?

1 Like

Simply don’t send this data to the client until the textlabel actually needs to be shown to them. Is there any other reason the data is being sent to the client immediately aside from displaying it in a textlabel?

1 Like

Send the data from the guess text box up to the server to check if the password is correct; if so, complete your logic the opposite way.

2 Likes

what do you mean? I thought you were not able to edit gui from the server. How would I change the text to the real password if I can’t edit it on the server?

1 Like

It is only sent when a player tries to hack another player and the UI with the buttons for the guessing minigame pops up (the event gets fired and is then received on the server). I am having a problem with the next step, which would be sending the fake passwords and the actual password for the player to guess to the client so the text could be set for the UI.

1 Like

wdym i hope this is a joke lol.

1 Like

You should be using a RemoteEvent to do this, not directly manipulating the GUI on the server.

1 Like

sorry i misunderstood i thought you were using the players actual password somehow, i just reread it

2 Likes

I am. I fire an event once everything gets verified on the server when a player tries to hack someone. I just want to know if I should send the real password in that event.

ShowPassword:FireClient(player, fakepasswords) -- Should I add it in here?

2 Likes

ah, someone thought the same thing earlier lol. No worries

1 Like

You should only send the real one to the client once they have correctly guessed the password (if that’s when that textlabel you mentioned should be showing, that is.)

I take that this is similar to how skribbl works?

Aside from that, here’s what I’d do:

Player A (victim):

  • Creates and sends a chosen password to server

Server:

  • Receives each player's chosen password
  • When requested by a hacker (and of course after checking if this is allowed by the game’s logic at that point… otherwise you could enable a DDoS vulnerability haha), sends along a table containing faux-generated passwords with a guarantee to include the target player’s password

Player B (hacker):

  • Can request for the table created from the server
  • Handles GUI hydration after the table from the server is received

For the passwords to not be easily recognized by various “hackers” as the game goes on, consider requesting that players change their passwords. This is so that the guarantee that the victim’s password is in a table does not make it easier for the hacker to uncover the password after multiple attempts.

And if you still need help with the presenting of the server-passed information, you should send over some of the rendering/client-side code so we can help with that.

Use a remote function that returns a boolean to check if the password is correct.

2 Likes
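Added example, not part of the original thread or any poster's code: a server script that combines the two suggestions above, handing the hacker an unmarked list of options and answering each guess with only a boolean. The names `GetOptions`, `CheckGuess`, `sessionPasswords`, `rounds` and `makeDecoys` are assumptions, and the decoy generator assumes six-digit passwords.

```lua
-- Server Script. Assumed names (not from the thread): Events.GetOptions and
-- Events.CheckGuess are RemoteFunctions; makeDecoys stands in for passwordGenerator.
local Players = game:GetService("Players")
local Events = game:GetService("ReplicatedStorage"):WaitForChild("Events")

local MAX_GUESSES = 3
local sessionPasswords = {} -- [Player] = string; filled by server code, never replicated
local rounds = {} -- [hacker Player] = { target = Player, guessesLeft = number }

local function makeDecoys(count) -- placeholder generator, same format as real passwords
	local decoys = {}
	for i = 1, count do
		decoys[i] = string.format("%06d", math.random(0, 999999))
	end
	return decoys
end

Events.GetOptions.OnServerInvoke = function(hacker, targetName)
	if typeof(targetName) ~= "string" then return nil end
	local target = Players:FindFirstChild(targetName)
	local real = target and sessionPasswords[target]
	if not real or target == hacker then return nil end

	local options = makeDecoys(4)
	-- Random insertion index, so the position of the real entry reveals nothing.
	table.insert(options, math.random(1, #options + 1), real)
	rounds[hacker] = { target = target, guessesLeft = MAX_GUESSES }
	return options -- plain list of strings; nothing marks which one is real
end

Events.CheckGuess.OnServerInvoke = function(hacker, guess)
	local round = rounds[hacker]
	if not round or typeof(guess) ~= "string" then return false end
	round.guessesLeft = round.guessesLeft - 1
	-- The comparison happens only here; the client learns true or false.
	local correct = guess == sessionPasswords[round.target]
	if correct or round.guessesLeft <= 0 then
		rounds[hacker] = nil -- round over; the client must request new options
	end
	-- Rewards are granted here on the server when correct is true.
	return correct
end

Players.PlayerRemoving:Connect(function(player)
	rounds[player] = nil
	sessionPasswords[player] = nil
end)
```

On the client, `Events.GetOptions:InvokeServer(name)` fills the buttons and `Events.CheckGuess:InvokeServer(text)` submits a guess. Because each `GetOptions` call regenerates the decoys, throttle it per hacker and target; otherwise comparing two lists singles out the entry that repeats.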

can you explain how I would do that? Here is my client code.

local ReplicatedStorage = game:GetService("ReplicatedStorage")
local Players = game:GetService("Players")
local Player = Players.LocalPlayer
local PlayerGUI = Player.PlayerGui

-- Main GUI
local MainFrames = PlayerGUI:WaitForChild("MainFrames")
local HackingUI = MainFrames.HackingUI
local PlayerList = MainFrames.HackList

-- MainFrames
local PlayerFrame = PlayerList.HackFrame
local MinigameFrame = HackingUI.MinigameFrame

-- Events
local Events = ReplicatedStorage.Events
local GetPasswords = Events.GetPasswords

local Public = {}
local Private = {}

function Public.FindPlayerToHack()
	local HackButtons = PlayerList.HackFrame:GetDescendants()
	for i, button in ipairs(HackButtons) do
		if button:IsA("GuiButton") and button:HasTag("HackButton") then
			-- Declared inside the loop so each button's handler captures its own name
			-- (a single variable outside the loop would hold only the last button's parent)
			local PlayerToHack = button.Parent.Name
			print(PlayerToHack)
			button.MouseButton1Up:Connect(function()
				GetPasswords:FireServer(PlayerToHack)
			end)
		end
	end
end

return Public

Take a look at a previous comment I left on a similar issue.