Storing Variables and Data

I’ve been practicing to store variables and data on scripts and avoid storing them on Instances such as BoolValue, NumberValue, ObjectValue, ColorValue, Etc. So I really want to know if it is safe to store variables and data on these Instances.

What I Know

  • Security Depends on the Value Object’s parent (ServerStorage, ServerScriptService, Etc.)
  • Value Objects have a .Changed Event
  • Value Objects can be read and accessed by the client and server (if replicated)

What I Think I Know

  • Variables in scripts are safer and can’t be read or modified by the client or server directly

What I Want To Know

  • When do Value Objects actually come in handy?
  • Is it safe to use Value Objects?

I’m not a die hard developer yet, so I don’t actually use these things :tipping_hand_woman:t2:


The only security issue I can see is the client seeing vital information held by the server, if exposed through replication of data-storing objects. Other than that, it really comes down to good practice in programming; data-storing objects are generally avoided since they’re more or less useless.

Data can be stored in regular variables or tables, and can be associated with an object through use of certain data structures; for example, a dictionary:

-- associate 10 apples with a player object style
player.Data.Apples.Value = 10
-- associate 10 apples with a player dictionary style 😎
playerData[player].Apples = 10

-- get apples of a player object style
local apples = player.Data.Apples.Value
-- get apples of a player dictionary style 😏
local apples = playerData[player].Apples

With that being said, I do find myself using data-storing objects sometimes. There’s no real need to go out of your way to avoid using them—it just seems odd to have Instances dedicated towards storing data.


As long as you don’t send the client seen values to the server through an event by doing something like


from a local script you will be fine. Even if a client changes these values and you read it from server it’ll remain unchanged.

Right, So , Exploiters Can see all the Properties of instances if it is on the client ( .Value is a property) , Use server script service to store these or use a table ‘local MyData = {}’ and ‘table.insert(MyData," your data ")’ if you require this data in multiple scripts use a BindableEvent
If you require the data on the server and client use RemoteFunction.
I recommend you read this.
Hope this helps :slight_smile:

1 Like

Storing these objects inside services like ReplicatedStorage or Workspace will result in automatic replication.


The reason why I asked such question is because my friend asked me to make a DataStore que thing and I came up with this:

which I am aware of is 100% unnecessary

1 Like

Only the local player will see the values that are changed. Other players won’t be able to see it. I store my values in ReplicatedStorage and haven’t had any issues with clients changing values. Since it’s Filtering Enabled in all games, automatic replication from client > server doesn’t happen anymore

That’s not what I’m saying. Clients can read values set by the server. Most of the time this won’t be an issue, but data that you don’t want clients spying on will be available to them freely.

1 Like

If you want to store your data in such a way, go ahead. I personally see it as too difficult to handle, and using a table means you can get it directly from a data store and store it directly back into the data store without having to change the structure of the data. Just my two cents.


I agree with you, you’d have to deal with stuff like :WaitForChild() and other loading concerns. This post was just to gain insight and I appreciate your advice :slight_smile:

1 Like

Problem with storing data in ServerStorage is really only being able to get the data via remote events from a client script. As long as you handle data on Server correctly you’ll be perfectly fine storing it mostly anywhere :smiley:

About that, I’m gonna make another forum post regarding an exploit I came across.

On second thought, there are several posts about the exploit, so nevermind then.

Try to reduce the number of unnecessary posts by editing existing ones using the pencil icon.

Also you should make your devforum profile public as I’ve been unable to DM you about some advice on another post you created today to help you stick to the forum rules & etiquette.

1 Like

Oh ok, I’ll make my profile public now

Edit: Forgot to enable “Users can send me personal messages”, it’s now enabled