I am currently making a module that converts a string to symbols and reverses everything. After converting, it randomizes the symbols for each letter. It can then be decoded into actual text once arrived. Note: strings can only be converted on the server since I don’t want hackers utilizing the module. Would this module help with the prevention of data being stolen when it is sent from the client —> server or server —> client?
This would probably be sufficient for keeping data out of the hands of exploiters using RemoteShark and whatnot, but just make sure that the client gets nowhere near the decryption key, or else exploiters (if determined enough) could start to decrypt data being sent to their client.
This makes no sense to me. Explain what you mean by stolen data. If you are sending data from server to client why would you need to encrypt it and if you are sending data from client to server all you need is a good system for handling your player data and making sure those requests are valid.
Basically if you don’t know already, exploiters can access data sent from the server → client using remote events and other forms of sending data. This is to encrypt messages being sent and having firewalls to prevent decoding to take place by the exploiter. It basically encrypts and decrypts messages to keep the data safe.
What data are you sending to the client that is so important? Couldn’t there be a way of keeping that data server sided and giving the client only what is needed?
If it’s literally just data like Inventory table or something, there doesn’t seem to be a point in encrypting it.
You can’t keep all data serversided. I am also not just talking about player data. Encrypting messages in this module keeps data that could potentially be useful to an exploiter as they can access data. That data could then be used to keep track of other things.
This type of system would be pointless. I am very aware of how remotes work and what exploiters can do with them. If you don’t want the client to see the data the server is sending to them then there is no point to send the data in the first place.
Having good remote security isn’t about making pointless encryption and decryption efforts. It would be in your best interest to send data to the client normally and let the client read it without extra processes. If the client reads the data who cares? It has to. When data gets fired back to the server your game would require a system on the server that makes sure the request or what was sent is valid. In the simplest form this can be done with if statements.
Might prove to be very beneficial. But at some point, hackers will guess the key and symbols for each letter if it doesn’t change the key automatically after some time.
Already got that covered. It randomizes the list every time you convert.
If server randomizes, how will the client know how to decode?
When converting, it returns a list of the symbols used to encrypt the message. You then give that list to the decrypting function and it uses it to decrypt the message.
Anything relying on the client is doomed to fail, so I would never label it as preventing anything. Nothing ever stops the exploiter from just requiring and using the same module.
They’ll always be able to decrypt it, particularly if every client has the decryption function in their interface.
I’d figure out a way to not send the sensitive data to the player if it’s so important.
I personally nil every value in all my data tables before sending it to the client. Anything they don’t need to know I wipe.
i would like to know the explicit cases in which you would want to hide this “data” from the client.
an extra layer of obfuscation won’t help your case (it just adds more work), and any data that’s sent to a client is most definitely going to be decrypted anyhow.
if the messages you’re sending to a client also involve confidential information about other players, then you’ll need some redesigning to do.
Why would you send the data to the client in the first place if you didn’t want them to see it?
I think you misunderstood, the point is there is sensitive data, i.e.
local t = { some_sensitive_info = ..., some_other_stuff = ..., ...}
but what is done is something like
t.some_sensitive_info = nil
remote:FireClient(player, t) -- no sensitive info sent in the first place anymore
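An added example, not part of any post in this thread: the "don't send it" approach above written as an allowlist that builds a separate client view (so the server's own table is not modified), together with the kind of server-side request check described earlier in the thread. All field names, prices and sample data are constructed for illustration, and the code is plain Lua so it runs outside Roblox; the comment marks where `remote:FireClient` would go.

```lua
-- Allowlist of fields a client may receive; anything not listed is never sent.
local CLIENT_FIELDS = {
    coins = true,
    inventory = { name = true, count = true }, -- per-item allowlist
}

-- Build a fresh table holding only allowlisted fields, so the server's
-- own copy is never mutated (unlike setting fields to nil in place).
local function project(source, allow)
    local out = {}
    for key, rule in pairs(allow) do
        local value = source[key]
        if type(rule) == "table" and type(value) == "table" then
            local list = {}
            for i, item in ipairs(value) do
                list[i] = project(item, rule)
            end
            out[key] = list
        elseif rule == true and type(value) ~= "table" then
            out[key] = value -- scalars only; nested tables need their own rule
        end
    end
    return out
end

-- Server-side check of a client request: the arguments come from the client
-- and are untrusted, the balance and prices come from server state only.
local function validatePurchase(serverData, itemName, prices)
    if type(itemName) ~= "string" then return false, "bad type" end
    local price = prices[itemName]
    if price == nil then return false, "unknown item" end
    if serverData.coins < price then return false, "not enough coins" end
    return true
end

-- Constructed sample data.
local serverData = {
    coins = 120,
    inventory = { { name = "Sword", count = 1, dropSeed = 9931 } },
    moderationFlags = { "watchlist" },
    sessionToken = "constructed-placeholder",
}
local view = project(serverData, CLIENT_FIELDS)
-- In a Roblox server script: remote:FireClient(player, view)
assert(view.coins == 120 and view.inventory[1].name == "Sword")
assert(view.sessionToken == nil and view.inventory[1].dropSeed == nil)
assert(serverData.sessionToken ~= nil) -- server copy untouched
assert(validatePurchase(serverData, "Shield", { Shield = 100 }) == true)
assert(validatePurchase(serverData, { "Shield" }, { Shield = 100 }) == false)
assert(validatePurchase(serverData, "Shield", { Shield = 500 }) == false)
```

With an allowlist, a field added to the server table later stays hidden from clients until it is explicitly listed.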
Exactly my point: Why send data to the client in the first place if you don’t want them to see it? Simply just don’t send it. I do not understand why the author of this post is going through extra efforts of encrypting and decrypting the data when they could just not send it in the first place.
That is what is happening tho; it’s not being sent???
@sjr04 I am talking about what this person is doing.
I see, i was just trying to expand on what Alkan was saying ;p