Soybeen
|
  |
| Joined: 17 Feb 2010 |
| Total Posts: 21462 |
|
|
| 23 Apr 2016 08:10 AM |
If, for example, I had a local script that was set up to wait for a ClientEvent to be fired when a player by a certain name was confirmed (by a separate Script in the Workspace) to have joined the server, theoretically, could someone tamper with the receiving local script and fire that ClientEvent all on their own?
|
|
|
| Report Abuse |
|
|
gskw
|
  |
| Joined: 05 Jan 2013 |
| Total Posts: 1364 |
|
|
| 23 Apr 2016 09:18 AM |
| Of course they could. They could run any code ever. |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2016 09:26 AM |
i've always wondered if that's actually a problem to worry about
because 99% of script kiddies just change their speed or jump height which doesn't even replicate
#Code print("Add 13,000 posts") |
|
|
| Report Abuse |
|
|
Soybeen
|
  |
| Joined: 17 Feb 2010 |
| Total Posts: 21462 |
|
|
| 23 Apr 2016 09:27 AM |
So they can fire ANY client event I have waiting in a local script?
|
|
|
| Report Abuse |
|
|
|
| 23 Apr 2016 09:30 AM |
you probably have nothing to worry about
but if you are REALLY concerned, when the localscript is connecting with the server, just make sure nothing suspicious is going on by checking what the client is doing
for example
this is bad
client asks server for h4xer weapon
server: ok
this is better
client asks server for h4xor weapon
server: you need more moniez!1
client: shucks
#Code print("Add 13,000 posts") |
|
|
| Report Abuse |
|
|
Soybeen
|
  |
| Joined: 17 Feb 2010 |
| Total Posts: 21462 |
|
|
| 23 Apr 2016 09:31 AM |
It'd be the other way around, the server is detecting when a player joins, and then firing a ClientEvent.
Can they just fire that ClientEvent anyways?
|
|
|
| Report Abuse |
|
|
|
| 23 Apr 2016 09:31 AM |
if the server is firing the client then i don't think a hacker can mess with it
a hacker(and even still this is very difficult) would only be able to fire the server from a localscript
#Code print("Add 13,000 posts") |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2016 09:39 AM |
what u do is have 1 remote event to communicate with, but the first argument you send is what function should be fired. With this, the hacker would need to know your exact function names to even do anything. if you want even more security just start all of your function names with a certain 'code'. example;
--local script remoteevent:FireServer("ChangeWalkspeed")
--server script
local functions = { function ChangeWalkspeed(player,...) --stuff end }
function remoteevent.OnServerEvent(player,func,...) if functions[func] then functions[func](player,...) else error("Function",func,"not found!") end end
Instance.new("BodyThrust",SenseiWarrior).position = CFrame.new(SenseiWarrior,YourGirlsDMs) |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2016 09:46 AM |
sensei has what u want
bc the hacker will never see your function names because hackers can't access server scripts
but in reality, i don't even know if hackers can actually mess with the client like we're speculating
#Code print("Add 13,000 posts") |
|
|
| Report Abuse |
|
|