mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 06 Feb 2015 06:22 AM |
I want to make a game (tech demo) that utilizes the HTTP stuff, so I need a way to auhenticate requests from the server in case the urls are discovered. And it would be pointless if somebody could read the scripts.
~Monica |
|
|
| Report Abuse |
|
|
WishNite
|
  |
| Joined: 11 Feb 2009 |
| Total Posts: 15828 |
|
|
| 06 Feb 2015 06:34 AM |
| the client doesn't have access to the serverscriptstorage |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 07:57 AM |
| Yup, but if you make it that a local script can manipulate a script, then the client has access to ServerScriptStorage. |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 09:19 AM |
@Elite
You mean RemoteEvent... |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 09:22 AM |
| No, he means if a LocalScript is able to manipulate a Script, they can have access to it. |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 09:22 AM |
| ReplicatedStorage is for Localscript |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 09:24 AM |
No, PlayerScripts is for LocalScripts. ReplicatedStorage is for storing things so that clients have access to it.
It's a shame PlayerScripts isn't enabled yet. |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 09:24 AM |
| If you mean a LocalScript to edit Script, That's not possible unless LoadString |
|
|
| Report Abuse |
|
|
eLunate
|
  |
| Joined: 29 Jul 2014 |
| Total Posts: 13268 |
|
|
| 06 Feb 2015 09:40 AM |
| Actually, he means that if a LocalScript is bridged to a Script then the LocalScript has access to all the stuff the Script has, including loadstring() |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 06 Feb 2015 02:21 PM |
So what you're saying is, to be safe I have to use remoteevents?
~Monica |
|
|
| Report Abuse |
|
|
eLunate
|
  |
| Joined: 29 Jul 2014 |
| Total Posts: 13268 |
|
|
| 06 Feb 2015 02:24 PM |
| No, what we're saying is that you should actually never grant LocalScripts the ability to manipulate a Script. RPCs should only be recievers at best, or one way bridges server > Client at most. |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 02:25 PM |
I would use RemoteEvents. I only work with FilteringEnabled, so I can personally say it's much safer and can be used to do anything you can already do without it enabled. You just have to go out of your way to do a bit more work.
( ͡ಠ ͜ʖಠ) |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 06 Feb 2015 02:26 PM |
Well the script that makes the HTTP requests will most definitely have to be talked too by the player in some way or another.
My server will be the authority on any going ons in the game.
~Monica |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 02:29 PM |
If all you're doing is taking keyinput or chatted events from the client, you can send the arguments through a remoteevent. I'm not 100% sure what you're doing, so I don't have much to give on the subject.
( ͡ಠ ͜ʖಠ) |
|
|
| Report Abuse |
|
|
eLunate
|
  |
| Joined: 29 Jul 2014 |
| Total Posts: 13268 |
|
|
| 06 Feb 2015 02:29 PM |
What the suggestion is, is that a localScript can communicate with a Script, but it should never be allowed to manipulate one. localScripts cannot access ServerStorage or ServerScriptService, since their contents are not sent to the client, but if a Script had a RemoteEvent configured as a bridge, then the localScripts can manipulate the Script with full server access. This is a bad idea. |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 02:32 PM |
The client wouldn't be able to manipulate the server script, only send arguments. If you set up a RemoteEvent sending the client's mouse position, all that the client can manipulate is the arguments it sends.
( ͡ಠ ͜ʖಠ) |
|
|
| Report Abuse |
|
|
eLunate
|
  |
| Joined: 29 Jul 2014 |
| Total Posts: 13268 |
|
|
| 06 Feb 2015 02:35 PM |
| Absoloutely. That's what I'm saying; never allow localScripts to manipulate Scripts. |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 02:36 PM |
Alright, you just worded that strangely I guess, or it was just me being too tired to understand what you said completely xD
But yeah @OP, I would suggest RemoteEvents.
( ͡ಠ ͜ʖಠ) |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 06 Feb 2015 02:41 PM |
I think I get what you're saying... The client scripts only send a few strings/numbers to the server to act on and relay to my http server. So I shouldn't have to worry.
~Monica |
|
|
| Report Abuse |
|
|
| |
|
|
| 06 Feb 2015 04:16 PM |
| What I mean is anything that can manipulate it, remote events, changing values, ... |
|
|
| Report Abuse |
|
|
|
| 06 Feb 2015 04:33 PM |
The client can't communicate with ServerScriptService without RemoteEvents when FilteringEnabled is on. I'm not sure about when FE is off though.
( ͡ಠ ͜ʖಠ) |
|
|
| Report Abuse |
|
|