Hi developers, I came up with a way last night to make using RemoteEvents safe.
Before your pride and arrogance make you write a negative comment, let me tell you that I am aware that it may be vulnerable, and that is why I have come to post the method here, to know what vulnerabilities it may have.
The first idea that came up is to make a Remote Spy, a separate RemoteEvent that tells the client which RemoteEvents have been invoked (it’s not necessary)
Let’s start with the code example.
In my case, i just need make two Remotes, a RemoteEvent and RemoteFunction
_AE Use:
Its the first Step for the client.
local _AEKey = Events._AE:InvokeServer( );
It invokes the server, to return a key, which means a Folder inside another, whose name is the key
local _AEFolder = Services.RPS._AE:WaitForChild( _AEKey, 10 );
Suppose for some reason, it takes time to create, that’s because the WaitForChild
local module
_AEFolder.ChildAdded:Connect(function(v)
if v:IsA'ModuleScript' then module = v;end
end)
repeat wait() until module;
_AEFolder:Destroy()
module = require( module )
_ServerProxy = module:new()
And in this part, an infinite wait is made for the server to insert the module whenever.
I agree that it is completely unnecessary, but I wish the client could not read the module. It’s probably possible to see it with some deleted item log, but meh
¿What _ServerProxy doing?
is a module whose invocation of “: new” returns an object
Here’s the module
local this = {};
local Services = {
RPS = game:GetService('ReplicatedStorage');
PLR = game:GetService('Players')
}
local Events = Services.RPS:FindFirstChild('Events') or warn('Events no se encuentra en Replicated.')
function this:new()
local obj = {}; setmetatable(obj, self);
self.__index = self;
self.ClientLogs = {};
self.ServerLogs = {};
Events.AE.OnClientEvent:Connect(function( evName )
if not self.ServerLogs[ evName ] then
self.ServerLogs[ evName ] = 1;
end
self.ServerLogs[ evName ] = self.ServerLogs[ evName ] + 1;
if self.ClientLogs[ evName ] < self.ServerLogs[ evName ] then
Services.PLR.LocalPlayer:Kick' Server closed Proxy ' return;
end
end)
return obj;
end
function this:FireServer( ev, ... )
if not self.ClientLogs[ev.Name] then
self.ClientLogs[ev.Name] = 1;
end
self.ClientLogs[ev.Name] = self.ClientLogs[ev.Name] + 1;
ev:FireServer(...)
end
return this;