Composure | Joined: 05 Mar 2011 | Total Posts: 28 | 07 Sep 2014 01:30 PM
Hello, I'm an old scripter on an alternative account for the time being. I am planning to build an interesting game and a concept, however, due to ROBLOX's history of being easily exploited and manipulated (granted, it's hard to secure a game like this) I feel a bit uneasy about proceeding. I haven't been on ROBLOX in about 2-3 years now and my knowledge is very outdated. Anyways, I'll get to my questions and hopefully someone (a developer would be favored) could help answer.
Can scripts be still read through memory editors and if yes, is there any way to encrypt it (load-string can be decrypted easily)?
If an exploiter were to join my server and say he has level 7 access. Would he be able to manipulate the HTTPS Post requests and get requests to my website? Or does ROBLOX have something to prevent this from proceeding?
How friendly is ROBLOX to client modifications? I was possibly thinking of creating a client for ROBLOX. The client will do things such as show my servers available for play, and a few other things.
Those are some of my main questions that I would wish to be answered with accuracy. Also, if anybody has a source that has all the updated news from the past one, two years so I can catch up and learn what is new would be awesome!
Thanks, Composure.
07 Sep 2014 01:32 PM
There's a new optional security feature on ROBLOX called FilteringEnabled. Check the wiki for documentation. (wiki.roblox.com)
Composure | Joined: 05 Mar 2011 | Total Posts: 28 | 07 Sep 2014 01:38 PM
@Fluffmiceter
Well, thanks for your reference, but it doesn't really answer any of my questions.
I would like to prevent exploiting occurring in the game, but inevitably it'll be exploited whether I like it or not, and regardless if I have the feature enabled or not. My goal is not to create an exploit proof game, my goal is to prevent the exploiter from causing damage to my website or anything else that it contains.
Seranok | Joined: 12 Dec 2009 | Total Posts: 11083 | 07 Sep 2014 01:45 PM
> Can scripts be still read through memory editors and if yes, is there any way to encrypt it (load-string can be decrypted easily)?

Server scripts can't be read by clients anymore, so they are secure. Scripts which run on the client however can be read, so don't put any secrets there.

> If an exploiter were to join my server and say he has level 7 access. Would he be able to manipulate the HTTPS Post requests and get requests to my website? Or does ROBLOX have something to prevent this from proceeding?

No he wouldn't. One thing to keep in mind: if you are using a RemoteFunction to allow clients to send HTTP requests, make sure to pcall the call to HttpService:GetAsync server-side so the URL doesn't get leaked in the error message.
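Added example (not part of the thread and not ROBLOX's own code): a server-side RemoteFunction handler that wraps HttpService:GetAsync in pcall as the post above advises, so a failed request returns a generic error to the client instead of the raw message. The endpoint URL, the RemoteFunction name `FetchResource` and the allowlist entries are hypothetical.

```lua
-- Server Script (for example under ServerScriptService).
local HttpService = game:GetService("HttpService")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Hypothetical endpoint; it appears only in this server-side script.
local BASE_URL = "https://example.com/api/"

-- Clients name a resource from this allowlist; they never supply a URL.
local ALLOWED = { leaderboard = true, motd = true }

local fetch = Instance.new("RemoteFunction")
fetch.Name = "FetchResource" -- hypothetical name
fetch.Parent = ReplicatedStorage

fetch.OnServerInvoke = function(player, resource)
	-- Every argument arriving from a client is untrusted input.
	if type(resource) ~= "string" or not ALLOWED[resource] then
		return { ok = false, error = "unknown resource" }
	end

	local url = BASE_URL .. HttpService:UrlEncode(resource)

	-- Without pcall, an error raised by GetAsync propagates to the invoking
	-- client, and per the post above the message can include the URL.
	local ok, result = pcall(function()
		return HttpService:GetAsync(url)
	end)

	if not ok then
		-- Full detail goes to the server log only.
		warn(("HTTP GET failed for %s (player %s): %s"):format(
			resource, player.Name, tostring(result)))
		return { ok = false, error = "request failed" }
	end

	return { ok = true, body = result }
end
```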
Composure | Joined: 05 Mar 2011 | Total Posts: 28 | 07 Sep 2014 01:51 PM
@Seranok
Thanks for your answers.
By the way, is there a limit on how much information I can send/receive through the HTTPService?
07 Sep 2014 01:55 PM
@Comp
I don't think there's a limit. It's endless, or unlimited if you'd like to call it that.
Merely | Joined: 07 Dec 2010 | Total Posts: 17266 | 07 Sep 2014 01:57 PM
No, script sources do not replicate to the client. It's safe from exploiters.
07 Sep 2014 02:54 PM
The compiled Lua still replicates, and there are things like unluac. It's not totally safe from clients, albeit it's much more of a pain.
07 Sep 2014 02:55 PM
We need an edit button. Or 5 of them.
Anyways, I forgot to mention that it does seem it's being attempted to be hidden (every 40th byte? that's too regular, man!) although it should be fairly easy to get around that.
bohdan77 | Joined: 10 Aug 2008 | Total Posts: 7944 | 07 Sep 2014 04:19 PM
ROBLOX's security has increased massively over the years.
As was previously mentioned, it is highly recommended that you create your game with FilteringEnabled, as this prevents all (but physics) changes from being replicated to the server.
bohdan77 | Joined: 10 Aug 2008 | Total Posts: 7944 | 07 Sep 2014 04:19 PM
@TheLuaWeaver
Rather, ROBLOX's forum software should be thrown out into the trasher, and something new needs to be put in its place.
07 Sep 2014 07:17 PM
Any context besides 2 and 3 can disable FilteringEnabled. So.. someone with "level" 7 would be able to disable filtering.
07 Sep 2014 08:26 PM
...it's implemented on the server, you silly. Disabling it on the client won't do anything.
07 Sep 2014 10:13 PM
Actually there is a data limit to HttpService, not in Data Amounts, but there is a limit of 60+10*(numplayers) requests/posts per minute
Seranok | Joined: 12 Dec 2009 | Total Posts: 11083 | 08 Sep 2014 01:53 AM
Actually HttpService has a hard limit of 500 requests per minute. You are thinking of DataStore dogwarrior24.
08 Sep 2014 06:13 AM
^ 500 requests per minute isn't enough to power a forum. Nor is the data store limit. qq
08 Sep 2014 05:51 PM
^You don't need a forum, and even if you did, 500/m is more than enough. I don't do 8+1/3 requests per second for the raw forum data here...