Scripting Helpers is winding down operations and is now read-only. More info→
Ad
Log in to vote
0

How can I know for sure if something belongs on Client or Server?

Asked by
illumines 14
5 years ago

For a Script Module that reward players currency, should I just put that in the server storage and have a RemoteEvent, to access the value to be rewarded, so that the exploiters cannot alter that value? I'm afraid if I don't code everything on the server, hackers will take over my game.

Any suggestions for this particular case and future cases that put in server or replicated?

1
If it rewards player currency then it should probably only be accessed via the server and put in serverstorage so that the client cannot access the module. You can essentially assume that the client can manipulate anything in a local script (and a module required by a local script) Vulkarin 581 — 5y

1 answer

Log in to vote
0
Answered by
User#22604 1
5 years ago
Edited 5 years ago

If you can abuse it, put it on the server. Never trust the client, don't trust what comes through a remote event. If you have a remote event telling the server to reward x cash, an exploiter can come in and fire to the server "yo give me 1000000000000 cash thanks in advance".

For what should and shouldn't be local, it's relatively simple. If it won't affect other players, (like UI) you can keep it local. If it affects other players (like having money) then you should try to keep as much of it on the server as possible.

Related devforum posts: Exploiting Explained, Requests vs. Demands, Comment on a post about Filtering Enabled

Ad

Answer this question