Where Do Private Modules Go?

After a Private Module Script has been downloaded, for example:

require(123456789)

Will the module go into the game, or will it just download the table? I ask this because idk if a Private Module can be obtained from the client side using exploit executors… Can they get the code of the private module using an executor?

1 Like

Private Modules won’t work at all because of an update. All ModuleIDs must be physically in-game or be on sale.

2 Likes

Private Modules have been deprecated for at least a year now. Mainly for security reasons. The only way to use them is to have access to the module either in game or in your own models.

2 Likes

The owner of the Module can still use it, even if it is private. (I know there is no point in using it, but I still like them.)

I agree. I think it’s a good way to protect your code if you want to release a system to the public, but unfortunately it was being used for malicious purposes, so they had to be removed.

2 Likes

But where do these ones go? I am so scared. I use it and idk if the client can steal them…

The client cannot steal models. Or anything inside the Server.

3 Likes

Exploiters don’t use require() often as they have better ways to “download” scripts. If they had to use require, then they would need to upload their scripts onto the website, which risks it being deleted by Roblox.

Instead, they have functions like game:HttpGet(), which makes an HTTP request from their client to the link they provide. Typically this is an obfuscated script hosted on Pastebin.

2 Likes

If the module is only used by server scripts they can never be stolen.

Local scripts can’t require modules by their ID anyway. They have to be in the game.

1 Like

It won’t go anywhere; just the source code will be compiled and sent to the client depending on where you’re calling require from. If you’re doing it on the server, then there shouldn’t be any way to view the source (and no way to view the object as well if the script is under ServerScriptService or ServerStorage) on the client.

That is, if you’re requiring the ModuleScript object; you can’t require modules on the client by ID anyway.

1 Like

Even if they’re only used by server scripts, they can still be stolen if they are replicated to the client (which is why you shouldn’t store things in ReplicatedStorage/ReplicatedFirst/Workspace/Lighting if you don’t want the client viewing them).

1 Like

I never set the script.Parent to anything. So this means I am secure, right?

Server scripts aren’t compiled on the client in any case (regardless of where you put them), so there’s no way for clients to even receive their bytecode; they can’t be stolen but rather viewed as empty objects.

Edit: I realize you were talking about ModuleScripts, alright then.

1 Like

I meant that if a module is stored in ReplicatedStorage (or other things where the contents are replicated), its source can be viewed by the client even if it isn’t being used by the client.

3 Likes
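An audit for the replication point made above, as an added example that is not part of any post in this thread: it lists every ModuleScript parented under the four containers the thread names as replicated, so server-only modules can be moved to ServerStorage or ServerScriptService. The allowlist entry is a constructed sample, and the script assumes it is run from the Roblox Studio command bar or a Script in ServerScriptService.

```lua
-- Added example (not from the thread): find ModuleScripts that replicate to clients.

-- Containers named in the thread as replicated to the client.
local REPLICATED_SERVICES = { "ReplicatedStorage", "ReplicatedFirst", "Workspace", "Lighting" }

-- Hypothetical allowlist of modules the client is meant to require.
-- Keys are Instance:GetFullName() values; this entry is a constructed sample.
local INTENDED_FOR_CLIENT = {
	["ReplicatedStorage.Shared.Constants"] = true,
}

-- Returns every ModuleScript under a replicated container that is not allowlisted.
local function findExposedModules()
	local exposed = {}
	for _, serviceName in ipairs(REPLICATED_SERVICES) do
		local service = game:GetService(serviceName)
		for _, inst in ipairs(service:GetDescendants()) do
			if inst:IsA("ModuleScript") and not INTENDED_FOR_CLIENT[inst:GetFullName()] then
				table.insert(exposed, inst)
			end
		end
	end
	return exposed
end

local exposed = findExposedModules()
for _, module in ipairs(exposed) do
	-- The source of these modules is readable by any client that joins.
	warn(("Replicated ModuleScript: %s (move to ServerStorage or ServerScriptService if server-only)")
		:format(module:GetFullName()))
end
print(("%d ModuleScript(s) found in replicated containers"):format(#exposed))
```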

Unless the exploiter somehow got access to the id of your module, you should be safe.

1 Like

What do you mean? If they have the ID will they be able to steal it?

If the module is copy-locked it can only be used if the owner of the game has the script in their inventory. Require()'ing a module by its ID won’t work if it’s private and they don’t have a copy.

1 Like

Hey, this should be able to help you understand a little bit more on ModuleScripts and requiring online modules on Roblox! https://developer.roblox.com/en-us/api-reference/class/ModuleScript

3 Likes

I just saw an executor can do game:GetObjects now; can they download the module that way? By the way, if I download an executor to see what they can do, can it get me banned in Roblox? I ask a lot cuz I haven’t downloaded an exploit in my life; instead I just read the wiki… (Sorry for bothering you at this time)

game:GetObjects() can only be used on assets that are open source or owned by the game’s owner, and it is limited to the command bar and plugins. I would think that exploiters could only have that kind of access through a backdoor, which would be an entirely different problem.