Workspace.RejectCharacterDeletions - Default Transition

Osyris · March 31, 2023, 7:36pm

Hi Developers,

We hope you’ve had a chance to explore and opt into our recently announced replication security feature, Workspace.RejectCharacterDeletions. As part of our ongoing commitment to improve security and user experience, we’d like to inform you of an upcoming change in the default behavior of this feature.

Mark Your Calendars

On May 1st, we will be updating the Default setting for Workspace.RejectCharacterDeletions to mean Enabled. This update will enhance the security of your experiences by automatically preventing client-side deletion of descendants in a player’s character from being replicated up to the server.

What You Need to Do

To ensure a smooth transition and avoid unexpected changes in behavior, we recommend that you:

Review your current setting for Workspace.RejectCharacterDeletions and update it to Enabled if you haven’t already.
Test your experiences and make any necessary script changes to accommodate this feature.
If you need more time to transition your experience, update the setting to Disabled.

Need Assistance?

If you encounter any issues or have questions about implementing this feature, please don’t hesitate to reply to this thread.

Thank you.

system · March 31, 2023, 7:46pm

This topic was automatically opened after 10 minutes.

CatzRule_81 · March 31, 2023, 7:46pm

What sort of clientside functions would be affected by this change (not including the usage of level 5/6 exploits)?

VegetationBush · March 31, 2023, 7:59pm

It makes no difference whether it’s level 5 or 6. The update literally just prevents deleted character parts from replicating to the server.

CatzRule_81 · March 31, 2023, 7:59pm

I’ve most commonly heard levels 5 and 6 being associated to exploits so I specified it here. But thanks for answering though.

Abcreator · March 31, 2023, 8:15pm

This implies that disabled will be forcefully removed at some point, is this true?

colbert2677 · March 31, 2023, 8:24pm

The names “Level 4”, “Level 7”, and “Level” alongside any number ever were made to refer to these kinds of exploits and the fact they could access functions from higher context levels. The number itself doesn’t mean anything, and the terms are usually misquoted as meaning different things. A “Level” anything is just a fancy way of saying “script executor”.

_{Exploiting Explained - Local Software. Accessed March 31st, 2023 @ 4:18 PM EST.}

It’s explained right in the thread what this update’ll do. Glad we’re moving forward with this, felt overdue as one of the retained pre-FilteringEnabled behaviours. It is unfortunate that some older experiences that don’t get updated will break but in the face of security this is one important piece of the puzzle regarding character exploits.

That mainly just leaves me with network ownership exploiting. I really do not like giving the server network ownership of anything because of how expectedly slow it simulates physics but I otherwise can’t avoid exploiters teleporting around NPCs or even doing something strange with their own character (notwithstanding how I also need client character control to a degree).

BackspaceRGB · March 31, 2023, 8:42pm

I dont see why they wouldnt do this, although it could break old games. But then again, it was the same for FilteringEnabled, and they forced it anyway

baseparts · March 31, 2023, 8:47pm

Thank you! My game interacts a lot with players characters and having to check deep within the characters hierarchy for nil parts was a pain.

knightmb1 · March 31, 2023, 9:01pm

I suspect most old games will still work, how often do you need a client to delete themselves or part?

Aeplexi · March 31, 2023, 9:36pm

10/10 update man. I really love this.

AbstractAlex · March 31, 2023, 10:09pm

DO IT!

One of the biggest dev-unknown security holes is about to not need to be dev-known, which is dev-tacular

auxluvy · April 1, 2023, 12:01pm

Is this strictly for deletion of descendants? Does it reject replication of values such as IntValues being altered inside the Character?

Goldthyr · April 1, 2023, 3:25pm

does this apply to deleting humanoid on client too?

Empereans · April 1, 2023, 5:07pm

Games that expired longer than my grandfather’ s years.

rubitonlive · April 3, 2023, 3:45am

i guess all of those surveys asking people if their places get affected by exploiters really amounted to something lmao

Heimskeet · April 3, 2023, 2:07pm

AFAIK you could never change IntValues on client and have it replicate. Same with Humanoid.MaxHealth

OutlookG · April 26, 2023, 1:26am

Not sure if this has been reported, but we’re refraining from enabling this setting because of one issue. When players are killed their limbs do not fall apart as is usual, instead the character freezes up and does not move, this harms our games User Experience as users become confused on what just happened as falling into parts is what usually happens when you die.

We’re killing players client side using :BreakJoints() in order to have instant feedback for the player when they die.

shlyapniq · May 2, 2023, 8:33pm

So whats the news? Did it change? its 1st of may

Osyris · May 3, 2023, 8:21pm

Hi @OutlookG, we’ve just enabled a fix for this. Could you please verify your game is working as expected now with Workspace.RejectCharacterDeletions enabled?