Server and client code in same module

Is it a good idea? (assuming no security issues would arise from the exploiters being able to decompile the server code)


The only risk is, as you’ve said, the client being able to read the server code.


I personally think that is not a good idea. You can use it if you wish, but as from what @Kampfkarren had said, the risk would be client access to the server code.
I think that you should not do it because I feel as if the risk is greater than the reward.
Again, just my opinion, I do not want you to feel as if you’re obligated to do anything.
Maybe use some remote events and functions instead? Just a suggestion.
Take care! :slightly_smiling_face:

I mean from an organizational standpoint

in that case, thats not a very good idea at all. i’d seperate the module into versions in serverscriptservice and wherever the client code is

In organizational stand points, have 2 separate modules for server side and client side code.

So you’re saying its a good idea to have modules of this sort?


-- Constants

-- cached vars
local RB = require(game.RB)

-- main

local remote = RB.Network("Notification")

local Notification = {}

function Notification.New(player,text,type)

return Notification
1 Like

type is a key word, so you should use a different word, or use a capital t.
But yes, if that is all server-side, keep it there, and put client-side in a different one.

1 Like

(1) Do you mean Requiring the same Module just for Data


(2) You store both Functions for Server & Client in the same Module?

If (2) then it’s probably a bad idea I would separate them

But it won’t matter if you put the Server’s Module somewhere the Client can Access.

If you really really want to keep it in one Module then I suggest that you use RemoteEvents

If your Table is a Mixed Table then you can Separate them into A Dictionary and an Array then Recombine them again on the Client.

That’s what I do because my Module script is a Data Base for my game’s items but also store some Server Side Functions.

This makes it easier to Edit the Module as I have only 1 big Module that requires small separate ones divided into their own Sections (Items: Pets, Effects, Weapons etc)

and it’s also Secure because I’m sending only what I need to the Client via Remote Objects.

Hope that makes sense.

1 Like

This is actually quite standard practice in programming. Often client-server applications are split into three main parts: client, server and core. Client contains all code only used on the client, server contains all code only used on the server and core contains code which they both use.

This prevents duplicate code and having to edit multiple modules which are identical and can be a pain to remember to change.

It should also be pointed out that other than the client being able to retrieve the code, this is completely secure.


This is what I do. I have an Items module which stores data about all of the item types in game, and both the client and server can read from it - then I have two separate functions modules which supply functions for the server and client.

If I made the functions module readable from both sides firstly, people may be able to more easily recreate/copy my game, and secondly, it would be much more messy.


That is the correct way to do things, and brings up another good point.

Scripts shared in core between server and client should be entirely useful for the client and server. You should not have some functions for client and some for server. If this is the case then you should split them up into client and server scripts. If however the entire script is useful for both server and client and there is no difference between the versions you would otherwise give the server and client, then it is perfect to go into core.


Wait. If a module is required by both a server script and a client script, does that mean the client can decompile the server script that required the module? I doubt this is the case but I’m just making sure.

No. Server scripts are never sent to any client in any form. If they ever are this should be reported as an exploit.

Alright cool. I have a module of random useful functions such as quick region3 creation, model flipping, etc that’s required by both the server and client. I was getting paranoid for a minute.