so, i’m currently making a game which will have quite alot of client-side code (for visuals) and i’m wondering if, instead of leaving this module “open” like that, or upload it to the library
(The code side would be
local Functions = require([AssetID])
instead of
local Functions = require(script.GuraMoves)
(i’m a bit paranoid about people stealing code as of lately…)
I don’t think you can require modules on the client by Asset ID.
EDIT: You’re probably just gonna have to deal with it sadly due to how client & server works. The more you can pull towards the server side the harder it’ll be to steal code according to your concern.
I don’t think you can require ModuleScripts by AssetId anymore unless they’re public domain, so actually you’d be better off keeping it in-game.
However, it’s much easier for you to maintain a script if it’s in your game. Otherwise, you would have to reinsert a copy, edit, and re-upload in order to keep it updated (and test it). Just make sure you handle everything important on the server. It doesn’t matter if your code is stolen if your security is right on the server.
I’ve tested this and you cannot require any module, public or not. (on the client)
Oof, i was going to say that. But also exploiters are able to steal client code already. So trying to hide it is kind of pointless.
@ClockworkSquirrel third-party closed-source modules are gone, but you can still require your own offsale modules. But as mentioned, requiring by asset ID in a localscript doesn’t work.
Your best bet is obfuscating your code to make it harder to read.
No, don’t do that. The code can still be decompiled and reverse-engineered, albeit taking more time.
Well, I mean, he doesn’t really have any other options? What would you do?
Just leave it open. Plus the decompiled result is never 1:1 with the real thing because clients don’t get the actual source.
Obfuscation is a terrible suggestion since you can lose out on performance benefits, and it makes debugging code like hell.
And deobfuscating exists too.
You’re correct, but if I obfuscate one or two scripts with not that many lines of code I don’t receive reports of reduced performance and in this case I don’t see the reason to obfuscate.
yep I agree.
In a circumstance in which you’re selling technology, it might be useful but I just use httpservice but that requires a lot of other things, anyways, that’s another topic. o-o
Even if you were to use an asset id, some exploiters would still be able to get the source since it’s on the clients machine and, the client can theoretically manipulate memory how ever they want.