Re: Why Scripts Shouldn't be Validated on Client

Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
22 Jul 2012 08:15 PM
When you enter a game, for every LocalScript, ScriptContext sends a request to a certain page to check if the Script is blacklisted. I believe the intention is to prevent Free Models Scripts with viruses from running. The problem is that exploiters can modify the responses from that page using a tool such as Fiddler to disable all LocalScripts from running, which is useful in preventing anti-exploiter Scripts from interfering.

Additionally, for some reason this page returns a false positive whenever a new Gear comes out. For the first couple of days calls to InsertService::LoadAsset will return the Model without any Scripts which would otherwise have been there.

Another reason to remove it is that it slows up the process of LocalScripts running, giving a few seconds delay. Since the LocalScript originates on the server, or is returned from a call to InsertService::LoadAsset, it would be simple for servers to load the entire list of blacklisted Scripts into their memory before they start, and then remove Scripts that match the hashes whenever they appear at any point in the game.
Report Abuse
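Added example, not part of the original post and not Roblox's code: the server-side check proposed above, modeled in Python. The instance-tree layout, the use of SHA-256 and every name here are assumptions; the point shown is that the blocklist decision is made before the tree is replicated, so the client never receives a validation response it could rewrite.

```python
import hashlib

SCRIPT_CLASSES = {"Script", "LocalScript"}

def source_digest(source: str) -> bytes:
    """SHA-256 of a script's source text (the hash choice is an assumption)."""
    return hashlib.sha256(source.encode("utf-8")).digest()

def load_blocklist(flagged_sources) -> frozenset:
    """Built once when the server starts; each entry is a 32-byte raw digest."""
    return frozenset(source_digest(s) for s in flagged_sources)

def strip_blocked(node: dict, blocklist: frozenset, removed: list):
    """Return a filtered copy of an instance tree, or None if node is blocked.

    Intended to run on the game server before replication, so the result
    does not depend on any HTTP response seen by the client.
    """
    is_script = node["class"] in SCRIPT_CLASSES
    if is_script and source_digest(node.get("source", "")) in blocklist:
        removed.append(node["name"])
        return None
    kept = []
    for child in node.get("children", []):
        filtered = strip_blocked(child, blocklist, removed)
        if filtered is not None:
            kept.append(filtered)
    return {**node, "children": kept}  # copy; the input tree is left untouched

# Constructed sample data: a placeholder flagged source and a model shaped
# like something InsertService::LoadAsset might return.
FLAGGED = ["-- constructed placeholder for a flagged script"]
SAMPLE_MODEL = {
    "name": "FreeSword", "class": "Model", "children": [
        {"name": "Handle", "class": "Part", "children": []},
        {"name": "SwordScript", "class": "LocalScript",
         "source": "print('swing')", "children": []},
        {"name": "Fix", "class": "Script", "source": FLAGGED[0], "children": []},
    ],
}

def demo():
    removed = []
    clean = strip_blocked(SAMPLE_MODEL, load_blocklist(FLAGGED), removed)
    return [c["name"] for c in clean["children"]], removed

if __name__ == "__main__":
    print(demo())
```

Exact-hash matching only catches byte-identical sources: a single changed character produces a different digest and passes the filter.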
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
22 Jul 2012 08:16 PM
> entire list of blacklisted scripts
> requesting over 2 TB every time a new server is made

...I don't see how that'll work.
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
22 Jul 2012 08:16 PM
Note: the individual requests to that page do not take a few seconds. I was referring to when I opened my game in play solo and it made some 40 requests to that page.
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
22 Jul 2012 08:17 PM
I meant request a full list of the hashes of blacklisted Scripts. I didn't want to go into too much detail because obviously exploiters can abuse this.
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
22 Jul 2012 08:18 PM
And if the list of hashes is indeed excessive, then at least the server itself could make the requests, not the client.
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
22 Jul 2012 08:20 PM
InsertService isn't really that useful anymore, anyways. And the whole trusted model thing was a big blow-up. I say they should just remove both, or make it like before where InsertService would let you insert anything in public domain.
NotATrap is not online. NotATrap
Joined: 08 Dec 2010
Total Posts: 26
22 Jul 2012 08:29 PM
I'm sorry, but that won't exactly work. The entire point of LocalScripts is that the remote client executes the code, so the server would have to tell the client if the hash passes inspection or not anyways. It's currently:
LocalScript created -> ScriptContext approves -> Client runs

While you would have it
LocalScript created -> Game server sends http packet -> Game server sends auth -> Client runs
Which would only increase the load on the server, and even then, I'm not entirely sure LocalScripts' Source even IS replicated to the server. In either case, you could still man-in-the-middle either the ScriptContext http packet or the server's auth packet.
MrNicNac is not online. MrNicNac
Joined: 29 Aug 2008
Total Posts: 26567
22 Jul 2012 08:37 PM
Just make your game and stop worrying about technical junk....
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
22 Jul 2012 08:47 PM
I already made my game. I just hate when new Gear don't work for 2 days cause of some fail validation...
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
22 Jul 2012 09:25 PM
@Techboy6601

The InsertService isn't useless at all.

I use it a lot.
xSIXx is not online. xSIXx
Joined: 06 Aug 2010
Total Posts: 9202
22 Jul 2012 09:29 PM
why is roblox not promoting free model viruses?

seriously, this makes no sense. for a game based on creativity, there has to be a massive downside of using public domain scripts.
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
22 Jul 2012 09:39 PM
Because the second some clueless parent hears the word "virus"...
ArceusInator is not online. ArceusInator
Joined: 10 Oct 2009
Total Posts: 30553
22 Jul 2012 09:44 PM
Why do we call them viruses? They should be called self-destructive punishment machines. Yeah, SDPMs.
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
22 Jul 2012 09:46 PM
You mean electric chairs duct-taped to suicide bombs?
ArceusInator is not online. ArceusInator
Joined: 10 Oct 2009
Total Posts: 30553
22 Jul 2012 09:57 PM
Wait, what?
127001chum is not online. 127001chum
Joined: 31 Dec 2011
Total Posts: 128
22 Jul 2012 09:58 PM
lol, he confused arceus :3
agent767 is not online. agent767
Joined: 03 Nov 2008
Total Posts: 4181
22 Jul 2012 09:58 PM
I would now say something that could be considered "unsafe" for small children (that's why we have wargroups/wargames) and just say meh.
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
22 Jul 2012 10:00 PM
@arceus

Self ] Suicide
Destructing ] Bomb
Punishment ] Electric
Machine ] Chair
ArceusInator is not online. ArceusInator
Joined: 10 Oct 2009
Total Posts: 30553
22 Jul 2012 10:06 PM
"Self ] Suicide
Destructing ] Bomb
Punishment ] Electric
Machine ] Chair"

I don't know how you derived those words from SDPM, but I'm going to need to confiscate your brain for further testing.
agent767 is not online. agent767
Joined: 03 Nov 2008
Total Posts: 4181
22 Jul 2012 10:13 PM
Let's dissect him...
trappingnoobs is not online. trappingnoobs
Joined: 05 Oct 2008
Total Posts: 19100
23 Jul 2012 03:43 AM
let's just kill him
slayer219 is not online. slayer219
Joined: 15 Nov 2008
Total Posts: 3445
23 Jul 2012 04:11 AM
*how about we just let him go?*
tonykaree13 is not online. tonykaree13
Joined: 04 Nov 2010
Total Posts: 3826
23 Jul 2012 04:14 AM
I'm sorry, but that won't exactly work. The entire point of LocalScripts is that the remote client executes the code, so the server would have to tell the client if the hash passes inspection or not anyways. It's currently:
LocalScript created -> ScriptContext approves -> Client runs

While you would have it
LocalScript created -> Game server sends http packet -> Game server sends auth -> Client runs
Which would only increase the load on the server, and even then, I'm not entirely sure LocalScripts' Source even IS replicated to the server. In either case, you could still man-in-the-middle either the ScriptContext http packet or the server's auth packet.
Merely is not online. Merely
Joined: 07 Dec 2010
Total Posts: 17266
23 Jul 2012 11:57 AM
@tonykaree13

I'm 99% sure that LoadAsset actually occurs on the server, to prevent people from injecting arbitrary XML. So the call to the script validation page can occur then. It's not going to take any more time...
ColorlessBody is not online. ColorlessBody
Joined: 21 Jun 2012
Total Posts: 193
23 Jul 2012 11:59 AM
@tonykaree13

Why do you re-post things posted by other people?