So, i'm trying to make an event signature that cannot be viewed by the player decompiling the game, what i'm trying to do is pass a variable in a event with a Signature that can be accessed by both client and server but the client cannot view it by intializing the key in the Server, i don't think that's possible and i'm trying to find help to replace said issue or even fix the issue in an alternate way, please help!
#Event Safety
bright moss
half tusk
What is the point in this exactly?
bright moss
Safety in events
If exploiters get access in the code by decompliting it they cannot figure out what the encrypted key is, a server-unique signature
A variable 'Signature' is passed before the actual contents so server validates if 'ServerKey' is equal to 'PassedSignature' guaranteeing impossible access
I pretend to use Cryptography to encrypt a Server Unique key but i don't know how i'd be capable of resulting said actions above.
half tusk
I mean the client cannot access the server anynways
bright moss
I mean the client cannot access the server anynways
true, issue is Client needs the event that also goes to server, so i cant just move the event to server.
bright moss
With a RE or something close to it?
remote function
half tusk
Since the client can technically look at the memory and decompile the code, this can give them a lot of information on how your system is and how your game is laid out
And server -> client -> server with remote functions are unsafe
The server yields when requesting stuff from the client with remote functions
So a player can do weird shenanigans and send false data or make the server infinitely yield
bright moss
Hmm, true.
Well, we can head for alternatives, i just don't know how i can make an event have a game-unique signature where it cannot be found
Allowing safe calls.
bright moss
Why do you need this anyways?
The event manages a lot of important features..
half tusk
Like?
half tusk
The way you're handling it is already unsafe
bright moss
fair.