So I have a remote function that returns a players data and I was wondering if the exploiter could somehow tamper with it
heres how it looks like
return PlayerData -- a Table of Data Cash, .. Currency ETC
Anything the client changes will only be changed for the client (Except for their own humanoid).
But in client to server remote events (which is :FireServer(Args)
) any argument can be exploited/changed to their liking. Same goes for RemoteFunctions, they can tamper with what the client returns to the server.
Anything the server sends (in events) to the client can't be altered directly, but they can however, disable (or remove) the scripts that handle the event (or ui / tools, etc), so that it doesnt do anything. (This is pretty bad with RemoteFunctions as they'll yield till they get a response, or a decently long timeout that you cant change yourself)
So yes, the client can technically change the variables that they get from a remote event; not directly, but simply by changing the things that the event would normaly change.
Always keep in mind: Anything from the client can be fake. Always secure remote events.