MyHogs
|
  |
| Joined: 13 Feb 2017 |
| Total Posts: 22 |
|
|
| 12 Mar 2017 09:13 PM |
Would a client still be able to modify variables within the "Players" service through exploitation if that is enabled?
I want to have a folder within that used to store a series of Bool values to represent whether or not certain items are owned, as well as to store information such as a timestamp when that item can be used again. If I turn on FilteringEnabled, will that prevent modification of those values, or will clients still be able to trick the game into giving them that item for free? |
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 09:23 PM |
Players is part of the server, so any changes to it wouldn't replicate unless it was from the server.
Short: No. |
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 09:24 PM |
| Don't store your data on the client. |
|
|
| Report Abuse |
|
|
EvanHolt
|
  |
| Joined: 06 Sep 2008 |
| Total Posts: 1264 |
|
|
| 12 Mar 2017 09:35 PM |
Basically all that FilteringEnabled does is prevent things from replicating from the client to the server. This means that a hacker can still change any aspect of the game, but only they will notice the change. If you keep data in the server rather than the client, and always check that data from the server, a hacker's changes to that data won't matter.
If you want to store Bool values, I would suggest having the folder in the server and give it a name unique to each player. Something along the lines of "Bool_Values_For_Player_[player ID number]"
[ George Orwell taught me math! 2 + 2 = 5 ] |
|
|
| Report Abuse |
|
|
MyHogs
|
  |
| Joined: 13 Feb 2017 |
| Total Posts: 22 |
|
|
| 12 Mar 2017 10:27 PM |
| So the "Players" is all local storage, correct? In that case... what I did is basically what @EvanHold suggested, and put a PlyrInfo folder with ServerStorage, and have vaules being modified/checked/etc in there now. That's a bit safer? |
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 10:30 PM |
"Would a client still be able to modify variables within the "Players" service through exploitation if that is enabled?"
I don't know what you mean by that. The answer is yes, though. However, the change that the client made will not replicate, and will only be seen from the client who made the change.
|
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 10:31 PM |
"So the "Players" is all local storage, correct?"
I have no idea what you mean by that either. The Players service is a container for all Players currently in the game. It can be accessed both locally and on the server.
|
|
|
| Report Abuse |
|
|
doggy00
|
  |
| Joined: 11 Jan 2011 |
| Total Posts: 3571 |
|
|
| 12 Mar 2017 11:26 PM |
| Honestly, the best thing to do is just program your own security and screw FilteringEnabled. It isn't fool-proof and it can be bypassed, it just keeps most of the rookies and leechers out. |
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 11:28 PM |
"Honestly, the best thing to do is just program your own security and screw FilteringEnabled. It isn't fool-proof and it can be bypassed, it just keeps most of the rookies and leechers out."
AKA:
"I don't know how to script with FE so I'll just say a bunch of fake stuff about it" |
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 11:29 PM |
And the best thing to do if you take that route is to stop trying to prevent exploits altogether.
|
|
|
| Report Abuse |
|
|
doggy00
|
  |
| Joined: 11 Jan 2011 |
| Total Posts: 3571 |
|
|
| 12 Mar 2017 11:34 PM |
| AKA I play a lot of ROBLOX games and I've witnessed people bypass FilteringEnabled on several games such as Fencing. |
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 11:35 PM |
Clients can still successfully manipulate their character if you don't account for that too.
|
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 11:39 PM |
| You can't "bypass" FE, you can only exploit it. |
|
|
| Report Abuse |
|
|
doggy00
|
  |
| Joined: 11 Jan 2011 |
| Total Posts: 3571 |
|
|
| 12 Mar 2017 11:44 PM |
In that sense, you can exploit around it.
.-. |
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 11:47 PM |
"Program your own security" No
"It can be bypassed" Well, of course it can be, but clearly you're just an idiot and by 'bypassing' you mean 'exploiting because this game's network model sucks or it turns out it isn't actually FE.' |
|
|
| Report Abuse |
|
|
doggy00
|
  |
| Joined: 11 Jan 2011 |
| Total Posts: 3571 |
|
|
| 12 Mar 2017 11:49 PM |
Okay fine I used the wrong choice of words but can we not try starting a fight on the Scripters subforum???
Also I was kind of implying to not use ROBLOX as a developing platform because even when using FilteringEnabled there's still a whole lot you would need to patch on your own and anything can be exploited around. |
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 11:51 PM |
"but can we not try starting a fight on the Scripters subforum"
There's a difference between what you probably are referring to as a "fight" and an "argument", unless you are just afraid of getting proven wrong. This subforum is for scripting discussion, arguments included.
|
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 11:52 PM |
Also, FilteringEnabled is very effective.
|
|
|
| Report Abuse |
|
|
OzzyFin
|
  |
| Joined: 07 Jun 2011 |
| Total Posts: 3600 |
|
|
| 12 Mar 2017 11:53 PM |
"the best thing to do is just program your own security and screw FilteringEnabled"
Filtering is not a securiy feature. It is the correct way of handling the client/server model and should've always been a thing. |
|
|
| Report Abuse |
|
|
doggy00
|
  |
| Joined: 11 Jan 2011 |
| Total Posts: 3571 |
|
|
| 12 Mar 2017 11:56 PM |
It is very effective, but it can still be exploited around. I see your point, but nonetheless, the original point I was making was to program your own security, and there's no arguing against the fact that FE alone is hardly anything when against someone who actually knows how the FE works and knows how to exploit around it. |
|
|
| Report Abuse |
|
|
doggy00
|
  |
| Joined: 11 Jan 2011 |
| Total Posts: 3571 |
|
|
| 12 Mar 2017 11:58 PM |
| And I don't believe calling someone an idiot should be excluded from 'fighting', but that's just my opinion. |
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 11:58 PM |
"I see your point, but nonetheless, the original point I was making was to program your own security, and there's no arguing against the fact that FE alone is hardly anything when against someone who actually knows how the FE works and knows how to exploit around it."
I can't be the only one who thinks you don't know what you're talking about.
|
|
|
| Report Abuse |
|
|
|
| 12 Mar 2017 11:59 PM |
If you think the word "idiot" is offensive, then I wouldn't recommend ever disagreeing with someone here.
|
|
|
| Report Abuse |
|
|
doggy00
|
  |
| Joined: 11 Jan 2011 |
| Total Posts: 3571 |
|
|
| 13 Mar 2017 12:00 AM |
| Point taken, today is the first time I've posted here in a while, didn't realize Scripters subforum would become as harsh as OT. |
|
|
| Report Abuse |
|
|
doggy00
|
  |
| Joined: 11 Jan 2011 |
| Total Posts: 3571 |
|
|
| 13 Mar 2017 12:06 AM |
I would keep arguing back and forth but I'm going to surrender because I don't think your opinions will budge until you actually know how to exploit around FE or until you witness someone doing it.
The OP post was about storing boolean values in a folder to determine the ownership of certain items. He questioned if FE would help prevent the manipulation of those boolean values. The answer is yes and no. Yes if they use free exploits and no if they actually know how to code. |
|
|
| Report Abuse |
|
|