I've been told that RemoteEvents get their UserId through locally or through the Client. I am also told that Exploiters can access another clients PlayerGui Folder. Apparently, exploiters can use something called debug.profilebegin
to access another clients PlayerGui Folder.
My scripts are designed to make sure anyone who isn't under the Admin ID list can't get access to these controls or even if they get access to the controls themselves, every time a button is pressed... it checks to see if the users UserId is equal to one of the adminIDs.
I have nothing to go off of to know what I can improve on but I want to make sure that my code is unable to be exploited against me.
Is my script secure and not exploitable? What else do I need to know?
--Made By MillerrIAm -------------------Variables------------------ Event = game.ReplicatedStorage.ColorEvents.ExampleEvent adminCheck = require(game.ServerScriptService["Scripts|Admins"]["ModuleScript|AdminCheck"]) ------------------Main Script------------------ Event.OnServerEvent:Connect(function(plr,function1,function2) if adminCheck.Activate(plr) then end end)
--[Made By MillerrIAm]-- --------[Variables]------- local player = game:GetService("Players") ---------[Admins]-------- adminIDs = {678299,4947564} --[[UserIds in order = {"MillerrIAm" = 678299,"NemesisY2J"}]] --------[Main Code]------ local adminCheck = {} function adminCheck.Activate(plr) for i,Admin in ipairs (adminIDs) do if plr.UserId == Admin then print("Admin Started") return true else return false end end end return adminCheck
Thank you for any feedback you give me.
Exploiters can access anything other than server storage and server script service. Although that may happen think of it like a local script. That's what a exploiter uses. Exploiters can delete literally anything or change any value BUT only for themselves. For games like prison life no clippers can just set the walls to cancollide false but as seen nobody else can walk through the walls. For a hacker to edit the server they would use remote events to access it. Now accessing the server with remote events means they can only effect the world by using the remote event thats connected to a script. The script is usually the target and the remote event is abused. Simple make sure that the server script checks all the player info (ex: do they have this item before placing it) and if everything is good than allow it to happen.
Exploits are preventable.
I DON'T RECOMMEND THE LINE BELOW THIS (Also if you want your game to be exploited turn of filtering enabled in the workspace properties.)