I am creating an inventory script with delete + equip functionality, so in theory I should use a LocalScript and connect the delete and equip with remote events to the server. However, could this be used by exploiters to equip/delete other people’s pets? Should I use a local script or a server script?
:FireServer always passes who fired the event as the first argument, and this is a thing exploiters can’t change
2 Likes
You should always use 1st argument that remote passes which is player that fired it
1 Like
Can exploiters fire their own fireservers with custom plr names?
Fire Server 1st argument is always the player that fired it, they can however put any arguments they want after it
1 Like
You shouldn’t pass player names through your events to know who fired them, Roblox already provides this. Also the Player object gets passed as the first argument
2 Likes
Exploiter can only manipulate their own inventory, but not other players’ inventories
1 Like
Since you Roblox is automatically passing ‘plr’ into FireServer, do such exploits exist which edit the part of the backend roblox code that passes in the plr to pass an arbitrary parameter instead?
These exploits don’t exist (And I’m sure they wont appear)
1 Like
I told you that is something they cannot change. Tracking who sent a request isn’t a oh-so hard task for the Roblox servers and it has no vulnerability
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.