[URGENT] How can I secure my module script from exploiters?

Help and Feedback Scripting Support
#1

Hey. I am developing a ROBLOX game, and I recently learned that players using exploits can run functions in modules since Byfron didn’t help in the slightest. This completely ruined how my session data works in my game. Basically what I have right now is a module script that has functions to add, remove, or get the current session data of a player. The session data contains information such as how many stands a user has and what they are, how many recipes they have and what they are, and so much more. If exploiters could get their hands on these functions, they could practically give theirself or others (in the same server) an OP level, which I 100% do NOT want. Here are some parts of the code:

local inventoryDss = dss:GetDataStore("Inventory") -- inventory datastore
local sessionData = {} -- this will hold the current session data of all the players in a server
local defaultInventory = { -- default session data for those who have played for the first time
	['Stands'] = {1},
	['Recipes'] = {1},
	['Foods'] = {},
	['FoodsOnSale'] = {},
	['LastUsedStand'] = 1,
	['LastUsedText'] = "your text here"
}

module.getSessionData = function(plrId, attempt) -- gets a player's session data
	local attempt = attempt or 1
	local success, result = pcall(function()
		if sessionData[plrId] then
			return sessionData[plrId]
		end
	end)
	if success then
		return result
	else
		if attempt == 5 then warn("Couldn't get Session Data") return false end
		wait(1)
		attempt += 1
		module.getSessionData(plrId, attempt)
	end
end

module.addToSessionData = function(plrId, category, add, attempt) -- adds to a players session data (for tables)
	local attempt = attempt or 1
	local success, errorMsg = pcall(function()
		if sessionData[plrId] then
			if sessionData[plrId][category] then
				table.insert(sessionData[plrId][category], add)
			end
		end
	end)
	if success then
		return true
	else
		if attempt == 5 then warn("Couldn't Add Value to Session Data") return false end
		wait(1)
		attempt += 1
		module.addToSessionData(plrId, category, add, attempt)
	end
end

module.changeSessionDataValue = function(plrId, category, add, attempt) -- changes session data for a player (for values)
	local attempt = attempt or 1
	local success, errorMsg = pcall(function()
		if sessionData[plrId] then
			if sessionData[plrId][category] then
				sessionData[plrId][category] = add
			end
		end
	end)
	if success then
		return true
	else
		if attempt == 5 then warn("Couldn't Change Value in Session Data") return false end
		wait(1)
		attempt += 1
		module.changeSessionDataValue(plrId, category, add, attempt)
	end
end

module.removeFromSessionData = function(plrId, category, remove, attempt) -- removes from a players session data (for tables)
	local attempt = attempt or 1
	local success, errorMsg = pcall(function()
		if sessionData[plrId] then
			if sessionData[plrId][category] then
				if sessionData[plrId][category][remove] then
					table.remove(sessionData[plrId][category], remove)
				end
			end
		end
	end)
	if success then
		return true
	else
		if attempt == 5 then warn("Couldn't Remove Value from Session Data") return false end
		wait(1)
		attempt += 1
		module.removeFromSessionData(plrId, category, attempt)
	end
end

As you can read by the title, this is urgent since I need to finish this game soon. If there are any missunderstandings or any missing information that might be needed, please lmk. Thanks.

1 Like
#2

How exactly are you taking care of the Modules?

If they are important (such as Player Data), put them in the Server (eg ServerScriptService or ServerStorage), Server stuff do not Replicate to the Client, therefore cant be manipulated by it.

3 Likes
#3

stupid how i forgot about that

#4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.