Hello, I was wondering, What the difference between putting your scripts in workspace or putting them in ServerScriptService.
Scripts located in ServerScriptService are safer. They can’t be viewed by a player unless they have studio access. This means no players can interfere with them while in game. Scripts in workspace can be disabled and deleted by a player (should they use exploits for example.)
2 Likes
False, scripts in workspace cant be disabled or deleted by a player either, however it’s more considerable to put scripts in serverscriptservice as exploiters can’t see a single script there.
3 Likes
Okay thank you guys! that helps out me.
These answers are partially correct.
A Server script can be put anywhere in the game and cannot be viewed. It does not matter where the script is located, workspace, serverscriptservice, playergui, ect…
However, a local script can be viewed if client has access to it. This is because the way the exploit compilers work. From what I understand and my experience working with anti-cheats and other exploit technologies, roblox exploits inject a DLL into the roblox client. This DLL messes with the memory ONLY on the client due to roblox adding client-server or FE. Now, the local scripts run on the client not server, meaning the exploit can compile the byte code using C++ based off the memory on the client.
But as I mentioned, server scripts do not work in the same manner. They cannot be compiled due to their execution’s being server sided rather than client sided.
However, I will note its more of a standard convention to put sever scripts in SeverScriptService rather than a requirement. Its the same with putting modules in ServerStorage. The same concept can be applied to code style conventionality between PascalCase and camelCase.
6 Likes
This post above is completely true, mark it as solution
1 Like
You still haven’t described any differences between parenting a server script to the Workspace as opposed to the ServerScriptService folder (which was the thread’s proposed question). The main difference between the two is that server scripts stored under the Workspace can be viewed by the client (as they replicate to the client) in the sense that their existence can be known by the client whereas server scripts stored inside the ServerScriptService folder are abstracted (hidden) from the client (do not replicate to the client) in the sense that their existence cannot be known by the client. Take a look at the following for example.
Server’s perspective:
Client’s perspective:
Server’s perspective:
Client’s perspective:
The other difference is that the ServerScriptService can grant access to the “loadstring” global function to its contained server scripts with the “LoadStringEnabled” property.
More info regarding the “loadstring” global:
2 Likes
Does this mean that an exploiter can change something in a server script which is in workspace?
1 Like