i seen alot of people that say its a nice way to make trades or chats but i dont understand why and how
can anyone explain ?
thank you for reading!
GenerateGUID creates something that is like a single use unique identifier token which can be used as an extra layer of security for whatever kind of authentication or purpose you want to use it for. Think of it like this. You wanted to make a remote event super secure so on the server you use GenerateGUID and than tell the client that token so when they send a remote event you have that token as one of the parameters, let me make a code example of this.
local function generateAuthToken(playerName)
currentTokens[playerName] = HttpService:GenerateGUID()
return currentTokens[playerName]
end
-- This way is more secure and only gives the server the reigns to creating remote tokens
-- Instead of a Remote Function you might want to use a Bindeable Event on the server that way the server only has control over the tokens
-- Or you could just use a function thats in the script if you are just creating the tokens for use in the same script
SecureTokenEvent.Event:Connect(function(player)
generateAuthToken(player.Name)
SecuredEvent:FireClient(player, currentTokens[player.Name])
end)
-- now when we call the remote event that we want secured since we returned the token to that player to use
SecuredEvent.OnServerEvent:Connect(function(player, token)
if currentTokens[player.Name] and currentTokens[player.Name] == token then
-- handle the rest of your logic knowing that it's secure
else
player:Kick("Exploiting or something")
end
end)
This is just one situation where it might help you, you can use it for just about anything but it is useful for security as it stated by this article :
Creates A UUID string which would be pretty hard to guess.
10 Likes
But can’t an exploiter simply invoke the server, get the token and fire the event?
1 Like
It uses the player parameter which cannot be altered and they wouldnt have access to that table on the server. Now yes they could just “get the token and fire the event” if that wasn’t part of having a sender as a parameter. I was just providing a basic use case that wasn’t subject to much variability.
2 Likes
thank you its a good way to remove exploiters
but why big games like jailbreak dont use that way because there are some exploits for jailbreak
Games like jailbreak are dealing with unfortunately the best that the exploiting community has to offer. Which is a constant struggle for the top game developers. To add to this it wouldn’t make much sense if every remote event or every remote function you are firing needs to have a UUID everytime it wants to accept data. This isn’t the only way to combat exploiters from firing your remote events and wreaking havoc on your game. That’s why you add other things like authentication checks to prevent this.
to add to this remember to never trust the client.
2 Likes
Hmm, my english is pretty bad, so I’m not really sure about what you said, but an exploiter coud do that:
local token = SecureTokenEvent:InvokeServer() -- overwrited the last token
SecuredEvent:FireServer(token)
Again as I said yes they could do this i was just gving a basic example. I will update my original post with a truly secure way right now.
1 Like
for more security the code should have player:
local token = STE:InvokeServer()
SE:FireServer(player, token)
-- SecuredEvent Handler or SE Handler
if player then
print("The arg isn't missing")
else
print('No Player')
end
i dont think i did this right
1 Like
This is just one of many methods delaying exploiters. They are the receivers of the remote events and functions they will see it.
is there a way to completely ban exploiters so no one can crack the game
Well, once they used enough alts to figure out how the anti exploit works it won’t be very effective. So I guess unless you’ve found a new way of encryption I’d say not.