Applier
|
  |
| Joined: 25 Jul 2011 |
| Total Posts: 68 |
|
|
| 21 Aug 2016 01:24 AM |
Can this be "spoofed" or exploited?
-- LocalScript detects touch script.Parent.Touched:connect(function(hit) if hit.Name == 'test' then something:InvokeServer(hit, hit.StringValue) end end)
-- Event listener
function something.OnServerInvoke(player, hit, str) if hit and str and str.Value ~= '' then print'yay' else print'hax' player:Kick() end end
|
|
|
| Report Abuse |
|
|
|
| 21 Aug 2016 01:26 AM |
you can just do this on a server script
script.Parent.Touched:connect(function(hit) local plr = game.Players:GetPlayerFromCharacter(hit.Parent) if plr then --blah end end) |
|
|
| Report Abuse |
|
|
Applier
|
  |
| Joined: 25 Jul 2011 |
| Total Posts: 68 |
|
|
| 21 Aug 2016 03:36 AM |
| Just curious though, does it? |
|
|
| Report Abuse |
|
|
|
| 21 Aug 2016 03:57 AM |
if they wanted, yea
-R.B. Box (Regalius Boxikins Box) |
|
|
| Report Abuse |
|
|
Applier
|
  |
| Joined: 25 Jul 2011 |
| Total Posts: 68 |
|
|
| 21 Aug 2016 11:27 AM |
I mean like how so? Because the event fired sends the part itself and the string value itself.
The server event checks if the part exists in workspace (works I tried it). Meaning, if a player were to (e.g) spawn a brick with a specific name 'Hitbox' and a string value named 'GiveValue', the server would check if THAT brick and string value exists in the actual server.
I thought it'd be pretty secure, but would they be able to mess around with it if they can't truly spoof those objects? |
|
|
| Report Abuse |
|
|
Rerumu
|
  |
| Joined: 11 Oct 2014 |
| Total Posts: 950 |
|
|
| 21 Aug 2016 11:40 AM |
| It's handled via local script, if they really wanted they could change the source. |
|
|
| Report Abuse |
|
|
Applier
|
  |
| Joined: 25 Jul 2011 |
| Total Posts: 68 |
|
|
| 21 Aug 2016 11:44 AM |
But all it does is send information that this player touched this brick. :'( They could use the RemoteFunction anyway, since I also check for distance when I check.
Still secure or not secure? |
|
|
| Report Abuse |
|
|
Rerumu
|
  |
| Joined: 11 Oct 2014 |
| Total Posts: 950 |
|
|
| 21 Aug 2016 11:47 AM |
| That would make it a bit more secure but then it'd be just better to use a server script xd |
|
|
| Report Abuse |
|
|
|
| 21 Aug 2016 11:51 AM |
| Trust the client as little as possible when using FE |
|
|
| Report Abuse |
|
|
Applier
|
  |
| Joined: 25 Jul 2011 |
| Total Posts: 68 |
|
| |
|
Rerumu
|
  |
| Joined: 11 Oct 2014 |
| Total Posts: 950 |
|
|
| 21 Aug 2016 11:56 AM |
| Hue, dont trust him. He's a client replicated item. |
|
|
| Report Abuse |
|
|