AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
|
| 22 May 2015 07:50 PM |
My game is all gui based, no roblox physics.
All the gui's have localscripts instead of serverscripts. Filtering is also enabled. Since there is no group features with the gui's (where players might 'share a screen'), having the local scripts only change your local gui's (and not change it on the server) is no problem, because no one else needs to see your gui, and you can still play the game.
This is where it gets a bit complicated.
I have one main cash value. Everytime the "Money" value (int) is changed, the local script fires a remote event. A server script then has its own Money value inside it, different from the local value that all the localscripts change, which that script then changes. This is the only way for the server to see the money. The amount in the server script could be seen as 500 on the server, while the "local" money value still 0. This is so the datastore can save it.
Here's my main concern. If I understand how hackers work, is they insert their own local scripts. Now, even if filtering is enabled, just changing that local value for Money would change the server's value as well because of the remote event. Because of this, filtering wouldn't prevent money hacking still. Is this true?
|
|
|
| Report Abuse |
|
|
chimmihc
|
  |
| Joined: 01 Sep 2014 |
| Total Posts: 17143 |
|
|
| 22 May 2015 07:52 PM |
The way you're doing it you might as well not use FE.
I script -~ chimmihc |
|
|
| Report Abuse |
|
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
|
| 22 May 2015 07:54 PM |
If anything, filtering will prevent hackers from just deleting people's guis.
How can I make the system work? Other people have money values.
-- Money -- All local scripts in the gui change this
-- Script -- Receives RemoteEvent with Money ^ value, changes server money --- ServerMoney
-- LocalScript -- .Changed for Money triggers RemoteEvent |
|
|
| Report Abuse |
|
|
|
| 22 May 2015 07:57 PM |
Without FE, people still can't see other people's PlayerGuis...
If you tell the server to change the money to X value, the foundation is really bad. The one tip for client-server communication, never trust data the client sends. If you don't have a way to verify the data is valid, re-design your game. |
|
|
| Report Abuse |
|
|
chimmihc
|
  |
| Joined: 01 Sep 2014 |
| Total Posts: 17143 |
|
|
| 22 May 2015 07:57 PM |
You should be handling the money the other way around, hackers can change anything on their client.
I script -~ chimmihc |
|
|
| Report Abuse |
|
|
|
| 22 May 2015 07:58 PM |
There needs to be some type of filter to [how] the data is validated. You didn't give any information to what the game is, minus money (WHAT IS THE MONEY USED FOR?)
So it's very hard, because you are vague. Give a real example. |
|
|
| Report Abuse |
|
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
|
| 22 May 2015 07:59 PM |
| It's a casino game. If you win something like, slots, the local script changes the local value. Pretty simple. Any suggestions how to make it hacker proof? |
|
|
| Report Abuse |
|
|
|
| 22 May 2015 08:00 PM |
Lmao I am making one.
-Gets out of thread-
Just saying, you don't understand what you're doing with FE. |
|
|
| Report Abuse |
|
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
|
| 22 May 2015 08:03 PM |
| I know how FE works, how client changes don't replicate to the server, but I'm not really grasping how to fix this problem. I've pretty much explained how the system works. Any solutions? |
|
|
| Report Abuse |
|
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
|
| 22 May 2015 08:08 PM |
| I wouldn't be able to use server scripts as the script for the slot machines, because it wouldn't run in the playergui. So it has to be localscript |
|
|
| Report Abuse |
|
|
|
| 22 May 2015 08:08 PM |
| u tell everyone to use fe and then get surprised when they cant or use it incorrectly lol |
|
|
| Report Abuse |
|
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
|
| 22 May 2015 08:15 PM |
| Any suggestions how to make it not exploitable? |
|
|
| Report Abuse |
|
|
|
| 22 May 2015 08:16 PM |
| disable fe and get an anti exploit |
|
|
| Report Abuse |
|
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
| |
|
hdtv13
|
  |
| Joined: 18 Sep 2012 |
| Total Posts: 1628 |
|
|
| 22 May 2015 08:37 PM |
You have been told, no one is going to recreate your code.
I have skin, potatoes have skin, therefore I'm a potato. |
|
|
| Report Abuse |
|
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
|
| 22 May 2015 08:47 PM |
No one suggested a method on how to fix it
And no, I don't remember asking for any code. |
|
|
| Report Abuse |
|
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
| |
|
Scripth
|
  |
| Joined: 23 Jun 2013 |
| Total Posts: 1724 |
|
|
| 22 May 2015 10:40 PM |
I'd recommend using the remoteevents to cast the updated money value to the server but use the server to double check their money from the previous value so they can't scale up over a certain amount over a certain amount of time, depending on how you all have it set up you could do it differently but just make sure to have double checks on all your values in the server
if you could i'd make anything that would gain money locally just fireserver with whatever type of profit they get for it so you could use the server to just parse thru all this and check what types of money they picked up in the server and then use the server to calculate and change the value |
|
|
| Report Abuse |
|
|
|
| 22 May 2015 10:44 PM |
| You must store it in serverstorage so clients cant access it |
|
|
| Report Abuse |
|
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
|
| 23 May 2015 09:20 AM |
Based off what scripth said, here's what I've come up with
1. Whenever a localscript needs to add money, it fires a Remote Event called "Add" with how much coins to add 2. There is a server script tied to the remote event for "Add", and then it adds that much to their money in ServerStorage.
This is different because there's no money value in their playergui. Adding money has to be used through the remote event. Would this work? |
|
|
| Report Abuse |
|
|
| |
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
|
| 23 May 2015 02:45 PM |
I changed it this:
The Coins value is held in serverstorage. A local script can use the Remote events Add, Subtract, or GetCoins to Add coins, subtract coins, or get the number of coins. Will this help with security? |
|
|
| Report Abuse |
|
|
chimmihc
|
  |
| Joined: 01 Sep 2014 |
| Total Posts: 17143 |
|
|
| 23 May 2015 02:52 PM |
Until the exploiter figures out about the remote event and decides to fire it.
I script -~ chimmihc |
|
|
| Report Abuse |
|
|
|
| 23 May 2015 02:55 PM |
| Whenever the player interacts with the casiona, use some kind of remoteevent/remotefunction to tell the server, then have the server manage the money the player has that way. |
|
|
| Report Abuse |
|
|
AntiFiter
|
  |
| Joined: 14 May 2009 |
| Total Posts: 12290 |
|
|
| 23 May 2015 02:57 PM |
@nQ
I don't really need to use remote events for the entire casino, because it works fine since it's just a gui. Scripts also don't run in the gui because of filtering, so the slot machine has to be a local scripts, meaning the remote events that I set up. |
|
|
| Report Abuse |
|
|