What loop to use for anticheat

Unless Roblox has a problem with security testing… there is nothing wrong with doing so. Real Staff members have not publicly said whether it is or not… so it’s fair game. They would be contradicting themselves if they said it’s not allowed, since Bitdancer made it very clear that if Devs can figure this problem out on their own, it would be much less work for them.

The trouble is that doing such requires me to actually test with the Roblox client directly. This means I have to bypass Byfron. While it might be possible that they are chill with that to use on my own experience, it would be something that would work on most of the platform. For most products, that is against ToS. Hacking is generally not allowed unless you are given express permission. I won’t take a “they haven’t said no” as permission.

It does appear there is a bug bounty program that seems to give permission for localized testing of things like this. Though honestly I don’t actually care enough to try. There is a rather large difference between specifically attacking your proposed anticheat (has a trivial solution for the client-sided stuff, any strength of your stated design comes from the server initiating contact, but that can still be abused), and figuring out how to crack the platform anticheat. Most of my responses are from the perspective of having already bypassed the platform anticheat, since this thread specifically is about what devs can do client side to prevent cheating, which is irrelevant if the cheated client was blocked anyways. (And note that ALL anticheats on the client can be bypassed and the bypass script distributed. Its only true defense is complexity and constant updates.)

Don’t get me wrong, a lot of security is security in layers, but for individual devs the recommended action is ALWAYS server-sided validation, because they likely can’t and probably shouldn’t spend their dev time trying to block what the platform missed, at least from the client.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.