yankana
|
  |
| Joined: 17 Jun 2011 |
| Total Posts: 431 |
|
|
| 28 Sep 2016 12:38 PM |
I'm not 100% sure this is how it works but I am an experienced scripter and this suggestion associates with FilteringEnabled.
With FilteringEnabled, it gets much more difficult to exploit servers. However, it is still possible to exploit them thru Remotes (RemoteEvents & RemoteFunctions). But, how about remotes that are only accessible from protected LocalScripts. A protected LocalScript should be unable to access or interact with by other unprotcted LocalScripts.
Attempting to interfere with a protected LocalScript (for example setting "Disabled" to true or calling Destroy on it) through an unprotected LocalScript should cause an error. Also, protected LocalScripts could be hidden from the client but still ran on it. LocalScripts should have a property in Studio called "Protected". This property should have LocalUserSecurity and is hidden in-game.
For the record, add this property in RemoteEvents and RemoteFunctions, meaning they can only be accessed by protcted LocalScripts and normal Scripts. Attempting to call FireServer or InvokeServer on a RemoteEvent or RemoteFunction should return an error, that is, if it's findable by the client.
Also, while at it, maybe add this property to all instances (or most of them)? |
|
|
| Report Abuse |
|
yankana
|
  |
| Joined: 17 Jun 2011 |
| Total Posts: 431 |
|
|
| 28 Sep 2016 12:40 PM |
Attempting to call FireServer or InvokeServer on a RemoteEvent or RemoteFunction **through an unprotected LocalScript** should return an error
Sorry, corrected it there. |
|
|
| Report Abuse |
|
Alex645ca
|
  |
| Joined: 02 Feb 2009 |
| Total Posts: 2531 |
|
|
| 28 Sep 2016 01:23 PM |
| While this would theoretically work, enough effort in modifying the client to ignore LocalUserSecurity and the like would probably be able to get through it. |
|
|
| Report Abuse |
|
| |