generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

Re: FE - Touched part spoofing

Previous Thread :: Next Thread 
Applier is not online. Applier
Joined: 25 Jul 2011
Total Posts: 68
21 Aug 2016 01:24 AM
Can this be "spoofed" or exploited?

-- LocalScript detects touch
script.Parent.Touched:connect(function(hit)
if hit.Name == 'test' then
something:InvokeServer(hit, hit.StringValue)
end
end)

-- Event listener

function something.OnServerInvoke(player, hit, str)
if hit and str and str.Value ~= '' then
print'yay'
else
print'hax'
player:Kick()
end
end
Report Abuse
thedailyblarg is not online. thedailyblarg
Joined: 26 Feb 2012
Total Posts: 5506
21 Aug 2016 01:26 AM
you can just do this on a server script

script.Parent.Touched:connect(function(hit)
local plr = game.Players:GetPlayerFromCharacter(hit.Parent)
if plr then
--blah
end
end)
Report Abuse
Applier is not online. Applier
Joined: 25 Jul 2011
Total Posts: 68
21 Aug 2016 03:36 AM
Just curious though, does it?
Report Abuse
RemasteredBox is not online. RemasteredBox
Joined: 19 Jun 2016
Total Posts: 2140
21 Aug 2016 03:57 AM
if they wanted, yea


-R.B. Box (Regalius Boxikins Box)
Report Abuse
Applier is not online. Applier
Joined: 25 Jul 2011
Total Posts: 68
21 Aug 2016 11:27 AM
I mean like how so? Because the event fired sends the part itself and the string value itself.

The server event checks if the part exists in workspace (works I tried it). Meaning, if a player were to (e.g) spawn a brick with a specific name 'Hitbox' and a string value named 'GiveValue', the server would check if THAT brick and string value exists in the actual server.

I thought it'd be pretty secure, but would they be able to mess around with it if they can't truly spoof those objects?
Report Abuse
Rerumu is not online. Rerumu
Joined: 11 Oct 2014
Total Posts: 950
21 Aug 2016 11:40 AM
It's handled via local script, if they really wanted they could change the source.
Report Abuse
Applier is not online. Applier
Joined: 25 Jul 2011
Total Posts: 68
21 Aug 2016 11:44 AM
But all it does is send information that this player touched this brick. :'(
They could use the RemoteFunction anyway, since I also check for distance when I check.

Still secure or not secure?
Report Abuse
Rerumu is not online. Rerumu
Joined: 11 Oct 2014
Total Posts: 950
21 Aug 2016 11:47 AM
That would make it a bit more secure but then it'd be just better to use a server script xd
Report Abuse
Client_Replicated is not online. Client_Replicated
Joined: 18 Jul 2011
Total Posts: 1567
21 Aug 2016 11:51 AM
Trust the client as little as possible when using FE
Report Abuse
Applier is not online. Applier
Joined: 25 Jul 2011
Total Posts: 68
21 Aug 2016 11:53 AM
Alright thanks
Report Abuse
Rerumu is not online. Rerumu
Joined: 11 Oct 2014
Total Posts: 950
21 Aug 2016 11:56 AM
Hue, dont trust him. He's a client replicated item.
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image