What is the best way to protect my teleport data?

oskxzr · August 24, 2020, 8:09am

Hey developers.
As I am sure you are aware, teleport data is only able to be fetched locally. I’m trying to make a system that, when a player is shifted from game to game using TeleportService:Teleport(), the teleport data is set to a leaderstat that is then loaded into the other game.

I looked into GlobalDatastore, but I didn’t really understand it so I went with this method.

Here are my server and local scripts; what improvements can I make onto this? I feel like it is incomplete/inefficient.

Local:

local TeleportService = game:GetService("TeleportService")
 
local Player = game.Players.LocalPlayer

local teleportData = TeleportService:GetLocalPlayerTeleportData()
if teleportData then
    if tonumber(teleportData) then
        print(teleportData)
        game.ReplicatedStorage.POINTS:FireServer(TeleportService)
    else
        Player:Kick("Teleport data did not meet requirements.")
    end
else
    Player:Kick("Could not retrive teleport data.")
end

Server:

local playerData = {}

game.Players.PlayerAdded:Connect(function(player)
    
    if not playerData[player.UserId] then
        playerData[player.UserId] = {
            ["SENTPOINTS"] = false;
        }
    end
    
    local leaderstats = Instance.new("Folder", player)
    leaderstats.Name = "leaderstats"
    
    local points = Instance.new("IntValue", leaderstats)
    points.Name = "Points"
    
end)

game.ReplicatedStorage.POINTS.OnServerEvent:Connect(function(player, value)
    if not playerData[player.UserId].SENTPOINTS then
        player:WaitForChild("leaderstats"):WaitForChild("Points").Value = value
    end
end)

TerrorPieYT · August 24, 2020, 8:56am

Even if it’s partially client-sided, it’s still exposed and can be tampered with by Exploiters.

Honestly, DataStores are your best bet here.

NobleReign · August 24, 2020, 9:20am

I do agree that figuring out how DataStores work is probably a better option, but if you’re already set on using TeleportData for this then I’d recommend you switch to this method instead, which returns the TeleportData with a bit more security, and works on the server side.

AsynchronousMatrix · August 24, 2020, 9:21am

Maybe have a client key. Do something with the player user I’d. UserId * game.CreatorId etc

With that you can check the client key on the other end. You could also create a gui. With a hidden frame with the name as that client key and you can check on that gui. For a backup lol

Ik big games use the http service generate guid to create a key when transferring data.

oskxzr · August 24, 2020, 10:16am

Exploiters can easily download assets from your game… They can acess anything that you can access locally. So, if a key was to be implemented you’d have to do it completely server sided.

AsynchronousMatrix · August 24, 2020, 9:39pm

Maybe, But wrapping that key. In a bunch of variables, Hiding it and creating some sort of variable loop.

A hacker navigating LuaU to get that key is going to be hard
Even so. Youc ould encode that key into 1 char = 1 variable. A hacker handling that is even harder. Then you can simpy construct the key once needing to teleport. Have the ket be sent to the client though a remote function in replicated first