Hello scripting helpers.
I am making a game but i found a really serius bug.
Exploiters can fire a remote event and then add every item that they want in the intire game to their inventory. The remote event is being used for crates that run on the client side.
My question is: How can i make the remote event safe from exploiters so they can't add items to their inventory?
I do not recommend saving the crates or any important data such as "money" (as an example) on the client side. Instead of saving crucial data via client, save it on the server side. Use the server to store and manage data and use the client to display that data.
Since you are using crates, create a remote event that calls to open the create. When that remote event gets fired the event sends the player's name as the very first parameter. You can use it to locate the player.
Example:
script.RemoteEvent.OnServerEvent:connect(function(plr) --Plr is the name of the player who ran the server event; the name can be anything you want. --Your code-- end)
So the server randomly chooses an item from the crate (if this is how your crate system works). It can then use the player's name to put it into their inventory. I recommend saving these items into the server's storage.
Example:
randomItem = {"Gun", "Knife", "Dollar"} --Random items script.RemoteEvent.OnServerEvent:connect(function(plr) --When the server event is fired local givenItem = randomItem[math.random(1, 3)] --Randomly choses an item from the table local clonedItem = game.ServerStorage[givenItem]:Clone() --Clones the item from the server's storage clonedItem.Parent = game.Players[plr].StarterGear --Moves the cloned item into the Player's starter inventory end)
Hope this helps; if you got any questions please contact me. ;)