We currently have Workspace.FilteringEnabled
and SoundService.RespectFilteringEnabled
however the server still gives clients full authority to delete any part inside their character model and have it replicate.
This has been reported as a bug previously but it is considered intentional behavior because nobody is sure what changing it would break. This is extremely dangerous for new developers who would expect to be able to put a value such as “Mana” etc under their character without clients being given authority to delete it. However, if the behavior is intentional, we need a way to work around it and perhaps a default setting to help new developers.
I propose StarterCharacter.RespectFilteringEnabled
as a new property to remedy this security hole. This would prevent the server from letting the client delete parts inside their character rig. The only modifications they could make to the rig would be position values. Every other property of every object (including joints, humanoid health, etc) should not be modifiable. This setting would be set to True
for all newly made places.