Ways to make datastore more secure

Any thing I should consider on datastore to make it better than just normal datastore? I won’t be using DataStore2 though.

I don’t mean by good code practices only but generally if there is anything I should expand on datastores than using it normally.

I would probably guess keeping a save history per key is a good idea using a separate datastore scope?

Also, in the event that a data load or save fails, should it be retried?

1 Like

If you have a basic saving system such as periodic saves or saving after player removal. While loading the data, if there was some sort of failure (even if it’s on Roblox’s end) and the stats roll back to 0, the original data will be overwritten. You should only allow saving if the correct stats are present. Moreover you should use pcalls to prevent breaking of your script if the data store errors.

In terms of security, just make sure to do everything via the server. Don’t make any remote events that directly trigger data saving, otherwise exploiters could fire them and mess with your datastores.

I don’t find keeping a save history to be too important as long as you know everything is set up correctly, but you never can be too careful. Just keep in mind this will mean the amount of saves you have per minute would be cut in half, making it harder to prevent throttling.

Often roblox can fail on the first, or even second retrieve data attempt. So it’s recommended that you use wrap a pcall() around your save data code. Then if the pcall() returns an error, you can retry the save.

Good luck with creating your datastore system!

1 Like

I already know to pcall my datastore calls and run it on the server with sanity checks (@ExcessEnergy).

Not sure what you mean by overwritten data? I should then not save if the data load failed to prevent overwrite?

1 Like

As long as you follow these basic precautions, you should be good to go. Making a secure datastore system is not too complicated, so there are not too many huge tips to give. You should be good to go.

1 Like

How about retrying saves or loads, is it recommended?

local success, result
local tries = 0 
repeat
    tries += 1
    success, result = pcall(datastore.GetAsync, datastore, userId)
until success or tries == 3
1 Like

Okay so imagine this scenario:

Player1 joins the game, he previously had 1000 coins, however the datastores fail to get the data for some reason. So the coin value rolls back to 0 even though the actual value should still be there in the database. If a periodic save overwrites the 1000 coins with 0 coins, there will be a permanent data loss. You could also try incrementing a backup datastore in this case with whatever the player earned in the session, say 100 coins. Next time the player loads in and data retrieves successfully u can add the 100 coins back to 1000. This is preferable by me.

1 Like

Yeah sounds like exactly what I said so I’ll keep that in mind to not overwrite data that could potentially still exist.

However, is it possible to detect corrupted data or data that is guaranteed not to exist anymore? I imagine that the error (usually comes with an error number code) given back could help you find out.

That is precisely how you would want to go about doing it. You got it.

I’m not sure what do you mean by that.

Nevermind, I don’t think corrupt data will be a problem anyways but if loading data fails, to prevent overwriting old possibly existing data, would I need to keep a backup of the data after lost data?

It would be better if you do that. For me I would definitely implement it. Even if you don’t, the previous data would load next time. But doing it just improves user experience in some way.

1 Like

You could try using UpdateAsync to verify the older data and update to the latest, to prevent overwriting as it won’t override other calls attempting to write to the DataStore.

It also uses only a single request from the budget.

I haven’t tried this, but in addition to your save history, maybe make the history save the players data from before the update, in case you messed something up bad then you can revert all players saves back to pre update.