So currently I am working on a game and using a component based framework for now. I am wondering how I should organize my remotes and the module script for server and client. The current method I am doing is two scripts one for the server module and one is the clientModule. I also hear a different method that you can use called RunService:IsServer() this was my original plan.
Pros of two scripts:
Better Security
Obvious which part is run on the server or Client Cons of two scripts:
you have to store the scripts in two locations
you might have to duplicate code
Pros of one module:
Everything in the class is in one place
You don’t have to duplicate code Cons of one module:
slightly harder to read due to Run:Service()
worse security
And regarding the remote, my current method is to send the server information using the UUID of the object and the string for what function to call, are there any other method or is this the best one?
Edit: I also consider using configuration folders or attributes since configuration folders have the advantage of nesting folders but takes up more resources when you use it compared to attributes.
How did you come to the conclusion that the security would be better/worse? No matter which method you use the security is the same as the client has full access to whatever is presented to it. When using a single module you do expose the client to the server-side code if said code is shared but they can’t do anything with it as said code is ran on the server, and is useless on the client.
Say I have a gun class, I would prefer to validate if the shot comes from the client in a reasonable position. If I make a shared module, the code for server hit registration will be visible. In that case I can just make another script that handles the security but that kinda breaks the purpose of one script. Since looking at my current method of hit registration, I can reverse engineer it to make a hack.
The issue is does this security risk outweigh the benefit of organization and less code typing? Also I am happy to look at any other method.
I mean, the code being visible to the client shouldn’t pose an issue if it’s effective, as for example comparing two rays isn’t really spoofable whether they know it happens or not, as they’re not able to change the server calculations directly.
I get what you mean though, personally, I have a script on the server and client with a common framework in between. But I made it so I can register modules to the framework which are limited to the server, client or shared. For things like weapon calculations, I’d register a module in ServerStorage which would deal with that, kinda like a weapon manager.
Its structure is a bit like this:
ServerStorage:
- ServerScript (Initializer for the framework + modules registration)
- Modules (Folder) (Server Modules)
- ...
- ...
ReplicatedStorage:
- Framework (Module) - Basically just the framework itself handling essential code.
- Modules (Folder) (Shared Modules)
- ...
- ...
StarterPlayerScripts:
- ClientScript (Initializer for the framework + modules registration)
- Modules (Folder) (Client Modules)
- ...
- ...
The Framework idea is pretty interesting I’ll probably use it. Thinking about it closely, I can just make the more important functions to be used in the server otherwise it’ll just use the saved one.