generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

Previous Thread :: Next Thread 
Composure is not online. Composure
Joined: 05 Mar 2011
Total Posts: 28
07 Sep 2014 01:30 PM
Hello, I'm an old scripter on alternative account for the time being. I am planning to build an interesting game and a concept, however, due to ROBLOX's history of being easily exploited and manipulated (granted, it's hard to secure a game like this) I feel a bit uneasy about proceeding. I haven't been on ROBLOX in about 2-3 years now and my knowledge is very outdated. Anyways, I'll get to my questions and hopefully someone (a developer would be favored) could help answer.

Can scripts be still read through memory editors and if yes, is there any way to encrypt it (load-string can be decrypted easily)?

If an exploiter were to join my server and say he has level 7 access. Would he be able to manipulate the HTTPS Post requests and get requests to my website? Or does ROBLOX have something to prevent this from proceeding?

How friendly is ROBLOX to client modifications? I was possibly thinking of creating a client for ROBLOX. The client will do things such as show my servers available for play, and a few other things.

Those are some of my main questions that I would wish to be answered with accuracy. Also, if anybody has a source that has all the updated news from the past one, two years so I can catch up and learn what is new would be awesome!

Thanks,
Composure.







Report Abuse
Fluffmiceter is not online. Fluffmiceter
Joined: 28 Jan 2012
Total Posts: 6931
07 Sep 2014 01:32 PM
There's a new optional security feature on ROBLOX called FilteringEnabled. Check the wiki for documentation. (wiki.roblox.com)
Report Abuse
Composure is not online. Composure
Joined: 05 Mar 2011
Total Posts: 28
07 Sep 2014 01:38 PM
@Fluffmiceter

Well, thanks for your reference, but it doesn't really answer any of my questions.

I would like to prevent exploiting occurring in the game, but inevitably it'll be exploited whether I like it or not, and regardless if I have the feature enabled or not. My goal is not to create an exploit proof game, my goal is to prevent the exploiter from causing damage to my website or anything else that it contains.
Report Abuse
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
07 Sep 2014 01:45 PM
> Can scripts be still read through memory editors and if yes, is there any way to encrypt it (load-string can be decrypted easily)?
Server scripts can't be read by clients anymore, so they are secure. Scripts which run on the client however can be read, so don't put any secrets there.

> If an exploiter were to join my server and say he has level 7 access. Would he be able to manipulate the HTTPS Post requests and get requests to my website? Or does ROBLOX have something to prevent this from proceeding?
No he wouldn't. One thing to keep in mind: if you are using a RemoteFunction to allow clients to send HTTP requests, make sure to pcall the call to HttpService:GetAsync server-side so the URL doesn't get leaked in the error message.
Report Abuse
Composure is not online. Composure
Joined: 05 Mar 2011
Total Posts: 28
07 Sep 2014 01:51 PM
@Seranok

Thanks for your answers.

By the way, is there a limit on how much information I can send/receive through the HTTPService?

Report Abuse
TehGabeNewell is not online. TehGabeNewell
Joined: 07 Feb 2013
Total Posts: 3165
07 Sep 2014 01:55 PM
@Comp

I don't think there's a limit. It's endless, or unlimited if you'd like to call it that.
Report Abuse
Merely is not online. Merely
Joined: 07 Dec 2010
Total Posts: 17266
07 Sep 2014 01:57 PM
No, script sources do not replicate to the client. It's safe from exploiters.
Report Abuse
TheLuaWeaver is not online. TheLuaWeaver
Joined: 09 Feb 2010
Total Posts: 1504
07 Sep 2014 02:54 PM
The compiled Lua still replicates, and there are things like unluac. It's not totally safe from clients, albeit it's much more of a pain.
Report Abuse
TheLuaWeaver is not online. TheLuaWeaver
Joined: 09 Feb 2010
Total Posts: 1504
07 Sep 2014 02:55 PM
We need an edit button. Or 5 of them.

Anyways, I forgot to mention that it does seem it's being attempted to be hidden (every 40th byte? that's too regular, man!) although it should be fairly easy to get around that.
Report Abuse
bohdan77 is not online. bohdan77
Joined: 10 Aug 2008
Total Posts: 7944
07 Sep 2014 04:19 PM
ROBLOXs security has increased massively over the years.

As was previously mentioned, it is highly recommended that you create your game with filteringenabled. As this prevents all(but physics) changes to be replicated to the server.
Report Abuse
bohdan77 is not online. bohdan77
Joined: 10 Aug 2008
Total Posts: 7944
07 Sep 2014 04:19 PM
@TheLuaWeaver

Rather, ROBLOXs forum software should be thrown out into the trasher, and something new needs to be put in its place.
Report Abuse
magiccube3 is not online. magiccube3
Joined: 19 Jul 2012
Total Posts: 185
07 Sep 2014 07:17 PM
Any context besides 2 and 3 can disable FilteringEnabled.
So.. someone with "level" 7 would be able to disable filtering.
Report Abuse
TheLuaWeaver is not online. TheLuaWeaver
Joined: 09 Feb 2010
Total Posts: 1504
07 Sep 2014 08:26 PM
...it's implemented on the server, you silly. Disabling it on the client won't do anything.
Report Abuse
dogwarrior24 is not online. dogwarrior24
Joined: 10 Nov 2010
Total Posts: 1401
07 Sep 2014 10:13 PM
Actaully there is a data limit to HttpService, not in Data Amounts, but there is a limit of 60+10*(numplayers) requests/posts per minute
Report Abuse
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
08 Sep 2014 01:53 AM
Actually HttpService has a hard limit of 500 requests per minute. You are thinking of DataStore dogwarrior24.
Report Abuse
Fluffmiceter is not online. Fluffmiceter
Joined: 28 Jan 2012
Total Posts: 6931
08 Sep 2014 06:13 AM
^ 500 requests per minute isn't enough to power a forum. Nor is the data store limit. qq
Report Abuse
TheLuaWeaver is not online. TheLuaWeaver
Joined: 09 Feb 2010
Total Posts: 1504
08 Sep 2014 05:51 PM
^You don't need a forum, and even if you did, 500/m is more than enough. I don't do 8+1/3 requests per second for the raw forum data here...
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image