Scripting Helpers is winding down operations and is now read-only. More info→
Log in to vote
0
What does the phrase "Don't trust the client" mean?
So this is probably a unexpected question, but I am very curious. I've seen people use the phrase "Don't trust the client" and I think it has something to do with remote events, but I'm not sure. What does the phrase mean and if it does have something to do with remote events, is using Remote Events bad?
2 answers
Log in to vote
1
When working with network security (aka remote events [a client to server communication]), you never want to trust the client, always try to verify that what they are sending is real or plausible, in most cases, don't use any arguments for your remote events if you don't have to, this is because exploiters can run client sided lua, and execute remote events with whatever args they want.
0
Arguments when firing the RemoteEvent in the localscript or in the server script that is setting the function for the remote? User#21998 0 — 5y
0
I am referring to the arguments when you do something like remote.OnServerEvent:connect(function(plr, arg1, agr2) CPF2 406 — 5y
Log in to vote
0
Hi Shinjaa,
When people say don't trust the client, it's basically the same as saying don't trust what request the player's computer is sending. So, there are hackers in games and we don't want to trust their client because they exploit the RemoteEvents in the game for their own benefit.
So, we always want to question what the client wants done. Run some reasonable checks on it, like is this change a reasonable amount and such. So, whatever request that the client sends, you want to check if its valid or it could be a potential danger to the server and others in the server.
Hope I helped and have a wonderful day/night.
Thanks,
Best regards,
~~ KingLoneCat