|
| 02 Aug 2012 09:14 AM |
| Trying to view a non-local script online will just show you a number, no script. But you can still disable them. |
|
|
| Report Abuse |
|
|
Tarabukka
|
  |
| Joined: 18 Jan 2011 |
| Total Posts: 394 |
|
|
| 02 Aug 2012 09:16 AM |
The proper approach: "Hey, let's put some time into reworking our architecture so it actually works the way people use it and is secure from the ground up!"
The Roblox approach: "Hey, let's put in this stop-gap fix that disables useful features while retaining our architecture that trusts the client with the whole game!"
(Just sayin') |
|
|
| Report Abuse |
|
|
MASHPIT
|
  |
| Joined: 16 Apr 2009 |
| Total Posts: 354 |
|
|
| 02 Aug 2012 09:16 AM |
Unfortunately, this seems to have broken all of my scripts. .__.
-Mash^2 |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:18 AM |
| This was the case a little while ago but the change was reverted the next day. |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:23 AM |
Well I was trying to see how my friend's autosave worked (he claimed it saved when the played left, which we know can't be achieved) and I looked in his save script and it just said 4. Admin script was 10, source script in admin was 11.
The problem with this is that some games are almost completely local. Still no protection. It's like Roblox is just putting ugly hacks into the client to fix the hacks. They offer little to no use and will still allow buildings to be copied, models to be inserted and games to be ruined. |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:24 AM |
Hmm.
When you do a Tools --> Test Solo are the scrips archived? |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:29 AM |
Yes, and you can read scripts in solo too.
(I didn't test this online BTW, which I just realised is what you meant) |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:34 AM |
Tested online in my Turretcar racing. Went to play solo and this happened:
Workspace.GameMain:1: unexpected symbol near '2'
So the answer is no, they stay as numbers in solo. Seems their servers replicate scripts to the client in weird ways. Replicate the object completely except the source... why? |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:41 AM |
I don't think most of you actually understand what ROBLOX is doing.
Making normal scripts not replicate isn't a stop-gap or anything like that. It _IS_ a proper way to do it.
The source of scripts has no reason to replicate, since these scripts don't need to run on clients and since the source isn't supposed to be readable in any way. |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:42 AM |
It is still a hack and nowhere near a permanent solution.
It would be a proper way to do it if there was other security to go along with it... |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:44 AM |
LocalScripts can't be protected because they're meant to be ran on the client.
It's like trying to protect JavaScript code from being copied on a website. That's completely stupid. The web browser needs to run the code, so how can it run the code if it can't even access it?
The same applies to buildings. What do you expect? Do you expect ROBLOX to calculate all the rendering and the physics on the server and send it to the clients so nothing can be copied?
Use your brain before saying ROBLOX is just using ugly hacks and things. If you worked for a company like ROBLOX, you'd understand that it's not that simple. |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:45 AM |
"It would be a proper way to do it if there was other security to go along with it..."
There _IS_ other security going with it.
This is far from being the only thing they plan to do about security... |
|
|
| Report Abuse |
|
|
myrkos
|
  |
| Joined: 06 Sep 2010 |
| Total Posts: 8072 |
|
|
| 02 Aug 2012 09:49 AM |
"The same applies to buildings. What do you expect? Do you expect ROBLOX to calculate all the rendering and the physics on the server and send it to the clients so nothing can be copied?"
No, but it would be better if the server only synced/sent to the client the blocks visible to it in a binary format (no XML); therefore, it would be very difficult for the client to retrieve the whole place. |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:49 AM |
| The only thing they have released for now I guess. Some client-studio seperation would be the permanent solution and then you could replicate anything you wanted because nobody would be able to copy it unless they captured Roblox's packets. |
|
|
| Report Abuse |
|
|
myrkos
|
  |
| Joined: 06 Sep 2010 |
| Total Posts: 8072 |
|
|
| 02 Aug 2012 09:52 AM |
"The only thing they have released for now I guess. Some client-studio seperation would be the permanent solution and then you could replicate anything you wanted because nobody would be able to copy it unless they captured Roblox's packets."
Or simply view the memory using something like CE. The only permanent solution would be to greatly restrict what the clients can manipulate in the server. |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:56 AM |
"Some client-studio seperation would be the permanent solution and then you could replicate anything you wanted because nobody would be able to copy it unless they captured Roblox's packets."
They're already planning to do that, but it won't be a permanent solution either.
However, it will make ROBLOX faster and safer in many ways.
They're also planning to do many other things. |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 09:59 AM |
"The only permanent solution would be to greatly restrict what the clients can manipulate in the server."
Believe it or not, but they're even planning to implement that.
They're implementing it in a way that will let us choose what we want to let the clients manipulate or not. We'll be able to decide what will replicate to the clients and what won't.
If we decide, for example, to make everything in the Lighting (but not the lighting itself) not replicate, then, obviously, the lighting will be safe.
---
As you can see, ROBLOX's developers aren't stupid. |
|
|
| Report Abuse |
|
|
myrkos
|
  |
| Joined: 06 Sep 2010 |
| Total Posts: 8072 |
|
|
| 02 Aug 2012 10:01 AM |
| @JulienDethurens, where did you get that info? |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 10:35 AM |
@myrkos
About the client-studio separation, from this forum and from the fact that they're already separated on the Mac version (or at least, it seems to be so).
About the fact that we're going to be able to choose what replicates and what doesn't, from this forum. |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 11:11 AM |
| Why haven'tt the changes that have been made to SFOTH been rolled out? |
|
|
| Report Abuse |
|
|
| |
|
|
| 02 Aug 2012 11:34 AM |
| Localscripts dn't replicate to the server. |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 11:40 AM |
Yeah... How does that affect SFOTH? |
|
|
| Report Abuse |
|
|
|
| 02 Aug 2012 11:42 AM |
Sorry. Changes made by localscripts don't replicate to the server.
Say, you inject the .dll at SFOTH and get admin. FF yourself, yet no-one else but you can see the FF and you can be killed. |
|
|
| Report Abuse |
|
|
stravant
|
  |
 |
| Joined: 22 Oct 2007 |
| Total Posts: 2893 |
|
|
| 02 Aug 2012 11:55 AM |
""Some client-studio seperation would be the permanent solution and then you could replicate anything you wanted because nobody would be able to copy it unless they captured Roblox's packets.""
This is not the case at all. LocalScripts still need the same datamodel as on the server to exist on the client to be able to run locally.
Also, this is not a stopgap, as said above, it is exactly how it should work, the scripts source should not replicate at all, since it is only needed on the client. The only reason that the numbers are there is so that the client can still act on server scripts that already exist and do stuff like clone them.
Localscripts could still be protected, it could be done by only replicating the bytecode of the localscript, basically automatically doing what many people are already to protect stuff. |
|
|
| Report Abuse |
|
|