Where should I safely store my variables?
I’m relatively new to scripting and I just store my variables in local scripts, but I read that it isn’t safe to store them there as exploiters can change them.
I’ve thought about storing them in ServerScriptService/ServerStorage, but some variables are player specific (like ability cooldowns for example) and I’m not sure if those should be put there(or how to).
Honestly, I wouldn’t worry about it, especially if you’re new to scripting. Exploiters can change anything on the client and inject their own code - just focus on making the server-client interactions secure with your RemoteEvents and that’ll solve a lot of exploit problems.
ReplicatedStorage replicates its children objects to both the client and the server.
ServerStorage only replicates its children to the server. It is practically inaccessible to the client. (same goes for ServerScriptService)
ReplicatedFirst replicates it’s children objects to the client and server first. This service is normally used for things like loading screens.
You might not want to do that with something like a sprinting boolean, but you can and should store data like currency, experience, level or anything else that is vital on the server.
You absolutely can store personalized data on the server, either by creating a folder for each and every player or by creating a table where individual players are the keys. ModuleScripts in particular allow you to store tables on the Server side, as well as do operations on these tables as needed.