Working On A Custom Developer Console, I have a few questions about security concerns

Hello, everyone.

I’m working on a new Developer Console that is built more for my game, rather than the current developer console. The console I’m working on will allow players who know the commands to execute said commands if they know the commands and have the appropriate permissions.

My biggest security concern, however, is that I’m planning on having developer-only commands such as God, NoClip, etc. These commands will be sent to a server event and processed in a ServerScript. I’m wondering if exploiters could potentially change their name and UserId and trick the system into thinking they’re a developer. Will having all of the available commands in the ServerScript, and only checking them in said ServerScript, prevent any trickery of this kind?

Here’s a crude drawing of how the system currently works:

Main advantages to using a custom devconsole, as opposed to the default one Roblox has made:

  • Interface that I want to have and one that can match the rest of my game’s User Interface
  • Quick commands that can be quickly executed by typing them in instead of typing them out in the command line
  • Output items related only to my framework, and warn, error, etc.
  • Allow players to execute client-only commands, such as enabling features I don’t have room for in the main menu. These include non-game changing flags like using the 3rd person body as a view model, quickly enabling blood, etc, etc.

I know my devconsole is unlikely to actually be exploited, but I am still a bit concerned about whether I need to add more security to it, since exploiters can locally change their Username & UserId.

1 Like

The player object passed through the RemoteEvent’s player property cannot be changed by the client to trick your scripts (I’ve never experienced this at least). Comparing the UserId or Username of the passed player should be fine.

3 Likes
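A server-side sketch of the check discussed in this thread, added here as an example and not posted by either participant. The event name `ConsoleCommand`, the `DEVELOPER_IDS` allowlist (constructed placeholder ids) and the two commands are assumptions made for illustration.

```lua
-- Server Script (for example in ServerScriptService). All names here are hypothetical.
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local commandEvent = Instance.new("RemoteEvent")
commandEvent.Name = "ConsoleCommand" -- hypothetical event name
commandEvent.Parent = ReplicatedStorage

-- Constructed placeholder UserIds; replace with the real developer accounts.
local DEVELOPER_IDS = {
	[1111111] = true,
	[2222222] = true,
}

-- Every command and its required permission lives only on the server.
local COMMANDS = {
	god = {
		developerOnly = true,
		run = function(player)
			local character = player.Character
			local humanoid = character and character:FindFirstChildOfClass("Humanoid")
			if humanoid then
				humanoid.MaxHealth = math.huge
				humanoid.Health = math.huge
			end
		end,
	},
	respawn = {
		developerOnly = false,
		run = function(player)
			player:LoadCharacter()
		end,
	},
}

-- `player` is supplied by the engine; every argument after it comes from the client and is untrusted.
commandEvent.OnServerEvent:Connect(function(player, commandName)
	if typeof(commandName) ~= "string" then
		return -- reject non-string payloads instead of erroring
	end
	local command = COMMANDS[string.lower(commandName)]
	if not command then
		return -- unknown command
	end
	if command.developerOnly and not DEVELOPER_IDS[player.UserId] then
		warn(("Denied %s (%d): %s"):format(player.Name, player.UserId, commandName))
		return
	end
	command.run(player)
end)
```

The handler never reads a name or UserId from the event arguments, so a value changed locally on the client has no effect on the permission check.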

Alright, thank you! :)

I’ll see if this is the case in the next couple of months when I implement the developer console.