Where do I safely put variables?

Where should I safely store my variables?
I’m relatively new to scripting and I just store my variables in local scripts, but I read that it isn’t safe to store them there as exploiters can change them.

I’ve thought about storing them in ServerScriptService/ServerStorage, but some variables are player specific (like ability cooldowns for example) and I’m not sure if those should be put there(or how to).

1 Like

Honestly, I wouldn’t worry about it, especially if you’re new to scripting. Exploiters can change anything on the client and inject their own code - just focus on making the server-client interactions secure with your RemoteEvents and that’ll solve a lot of exploit problems.


There will always be ways to somehow access the client. You won’t have to worry about this too much if you use the Server (access between the two with RemoteEvents) for important things like currency.

Here are two examples of short algorithms to show what I mean with this example:


Click button
Check if player has enough of their currency for purchase
Fire event to server for transaction


Click button
Fire event to server to check if player has enough of their currency, and handle transaction

It’s a little more work, but this is much safe as an exploiter can change their currency on the client, and that will have it fire the event and proceed with the transaction.

Hope this helps! :grinning_face_with_smiling_eyes:


I think you’re trying to describe values, instead of variables. I put mine in ReplicatedStorage, but I myself is not really sure what would be the best choice.


ReplicatedStorage replicates its children objects to both the client and the server.
ServerStorage only replicates its children to the server. It is practically inaccessible to the client. (same goes for ServerScriptService)

ReplicatedFirst replicates it’s children objects to the client and server first. This service is normally used for things like loading screens.

1 Like

Ideally, you want your client to have as little vital information about the game as possible, while still making it convenient and playable.

This means storing code somewhere safe (ideally using ModuleScripts in ServerScriptService, but data Instances like IntValue, NumberValue, et cetera in ServerStorage are fine if you are starting out).

When the client needs to access the code, you should put in a remote event or a remote function that will ask the server to provide the data needed.


But what if I have variables which are player specific, which are different for each local player, how can i store those on Server-Side (using module scripts)?

For example, if I want to know if the local player is sprinting and would like to store it inside a boolean, I couldn’t just put it on the server as it is different for each player.

You might not want to do that with something like a sprinting boolean, but you can and should store data like currency, experience, level or anything else that is vital on the server.

You absolutely can store personalized data on the server, either by creating a folder for each and every player or by creating a table where individual players are the keys. ModuleScripts in particular allow you to store tables on the Server side, as well as do operations on these tables as needed.