|
| 27 Jan 2016 10:53 AM |
I have a mini-gui game within the game where you can get points. However, this makes an exploit possible with FilteringEnabled, as the client sends to the server. How can I fix this?
|
|
|
| Report Abuse |
|
|
fixylol
|
  |
| Joined: 14 Dec 2012 |
| Total Posts: 7412 |
|
|
| 27 Jan 2016 10:55 AM |
you can use remoteevents and remotefunctions to share info between the client and the server
Number of times opinion has changed: A lot. |
|
|
| Report Abuse |
|
|
chimmihc
|
  |
| Joined: 01 Sep 2014 |
| Total Posts: 17143 |
|
|
| 27 Jan 2016 11:04 AM |
You can:
A. Not have that game. B. Have the setup like this:
Client -> Ask for points -> Server checks the info given and if it seams legit, gives points
|
|
|
| Report Abuse |
|
|
|
| 27 Jan 2016 02:27 PM |
ask in the scripters forum next time
So unless I'm mistaken, you're trusting the data the client sends when they say they want to modify points or what not. This is the wrong way to approach things; instead, the client should be relaying input (i.e user wants to buy an item), and then the server runs checks to make sure the request is legit (user can afford the item, etc).
Don't trust the data the client sends if you're modifying important data, and don't handle sensitive data on the client. |
|
|
| Report Abuse |
|
|
|
| 27 Jan 2016 03:15 PM |
^ Precisely
Okay, well yeah don't hold any precious data within' the client. That is the whole reason of FE, to prevent local scripts from communicating with the server; so if you hold any server data, within' the client. Then there are still some possible exploits. Just hold your data in the server. Or, you can just have the server check the data, and see if it is reasonable. Like someone above said. |
|
|
| Report Abuse |
|
|
|
| 27 Jan 2016 03:24 PM |
| Handling sensitive data client-side is pretty much giving someone keys to your network. |
|
|
| Report Abuse |
|
|
litalela
|
  |
| Joined: 30 Mar 2010 |
| Total Posts: 6267 |
|
|
| 27 Jan 2016 03:36 PM |
longkill is copying rayk's old look
gg
➳Lɪᴛᴀʟᴇʟᴀ ɪs ᴍʏ ɴᴀᴍᴇ, Lᴜᴀ ɪs ᴍʏ ɢᴀᴍᴇツ |
|
|
| Report Abuse |
|
|
|
| 27 Jan 2016 03:45 PM |
i prefer the term "taking revenge for being a meanie"
get it? revenge? ray revenge? no? ugh |
|
|
| Report Abuse |
|
|
|
| 28 Jan 2016 12:21 AM |
"Client -> Ask for points -> Server checks the info given and if it seams legit, gives points"
Ok thanks, but the issue I'm having is how do you check if the info is valid since it's a number anyways.
|
|
|
| Report Abuse |
|
|
chimmihc
|
  |
| Joined: 01 Sep 2014 |
| Total Posts: 17143 |
|
|
| 28 Jan 2016 01:35 AM |
So you are pretty much telling the server how many points to add. Don't do that.
Give the server the data of the game, process that.
|
|
|
| Report Abuse |
|
|
|
| 31 Jan 2016 08:33 PM |
| Like when they do whatever is needed in the client gui to get the points, have the server add the points? |
|
|
| Report Abuse |
|
|
|
| 07 Feb 2016 09:48 PM |
| But then they can still do whatever the client did to communicate to the server to get the points :P. Can someone give me a code sample of how to do this? Thanks. |
|
|
| Report Abuse |
|
|
|
| 07 Feb 2016 10:12 PM |
--
Client --> Wins Round --> Server checks for winners --> Server gives points to client |
|
|
| Report Abuse |
|
|
|
| 16 Feb 2016 06:53 PM |
| Ok, the specific issue I'm having is I want the player to get points when they click something, but since the action (clicking) is done purely on the client end, I'm not sure how to make this secure. |
|
|
| Report Abuse |
|
|
|
| 19 Feb 2016 09:28 PM |
| Still not sure because if I keep track of the points on the server, the clients clicks are still telling the server to add the points, making the game exploitable :(. |
|
|
| Report Abuse |
|
|
| |
|
|
| 25 Feb 2016 09:46 PM |
| Have a intValue in the workspace, or somewhere. Then when the client clicks have the client go to that intValue, and take the points from it. |
|
|
| Report Abuse |
|
|
|
| 26 Feb 2016 11:01 PM |
| Yeah but I want the points to go up when they click, so not just read, but write. The issue is since the client does the clicking, it's exploitable. I can't seem to find a way around this :P. |
|
|
| Report Abuse |
|
|
|
| 27 Feb 2016 10:06 PM |
| This is more confusing than I thought... Am I missing something? Lol. |
|
|
| Report Abuse |
|
|
|
| 29 Feb 2016 10:13 PM |
| Bump of unanswered doom :( |
|
|
| Report Abuse |
|
|