Hello, i’ll get straight to the point.
I was wondering Where do you guys store the script of tools? Because i thought that if i put them in ServerScriptStorage or ServerStorage and let one script manage every request,it would be safe but at the same time, it would be laggy because imagine 15 players spamm shooting all at once. And on the other hand, if you put them inside the workspace with the gun, it would be a bit dangerous, as it is accessible by exploiters. So what should i do?
Usually what you want to do in this situation is have the perfect balance, control inputs and expensive actions that are less in efficient on the client when possible, and pass those inputs to the server.
To prevent exploiting, you’ll want to ensure the validity of values being changed by the client, so when a value is changed have the client communicate that to the server, and have the server verify it, if the value is unexpected, change it back or kick the client.
This ends up being a balance between security and performance. Ideally you want to keep things that may get hacked out of reach on the server. However there are advantages to client side you also want to take advantage of. So you balance it out.
Of course, though @ThisUserIsRare_777 Make sure you are never putting ServerScripts in any place other than ServerScriptService, or ServerStorage unless you want them to be replicated to the client, which I wouldn’t recommend, since it is a huge security issue.
That’s incorrect, ServerScripts can be accessed by exploiters if the script is replicated to the client, of course their code isn’t able to be edited since it isn’t replicated to the client, but ServerScripts can be deleted, disabled, and renamed by the client when replicated. Which is not something you want to have. Primarily due to issues with how server scripts’ runtime are connected with the server, and when that connection is edited it can create a easier way to find and or create backdoors.
