In a project I have been working on, string.dump is being used to verify the integrity of my functions so my code can ensure nothing was modified. However, I’ve noticed string.dump returns as if the function is blank when running in online mode for my code would constantly fail integrity checks. Although I could just not verify my code, string.dump not working in online mode seems like a bug to me for it works fine in Studio. Heres a repro:
local function Test()
print("This is a test function")
end
local String_DumpedFunction = string.dump(Test)
print(#String_DumpedFunction, String_DumpedFunction) -- returns 12 characters even though it should be more every time
I wouldn’t be too worried about this if I were you.
As long as you have a smart client/server model with FilteringEnabled, clients shouldn’t be able to do much damage.
Have you tried replacing non-whitelisted characters with something such as ? (to see that there was in fact something like that)
I remember having to substract about 36 or 64 or how many characters it was (may depend on the path name) to get rid of something that made the rest of the string not show up (could be the NUL/null character?)
It doesn’t make sense to perform the check in OP anyway because if they can modify your code then they can also modify your check. It doesn’t seem like an effective or elegant security measure at all.
It’s not dumb because you don’t want people to be able to easily reverse engineer code from dump information. In Studio it doesn’t matter since you can’t require private modules there anyway, but online it does.
