#Safe exploit or Simple

Hello, in my client script I’m wondering, should I protect against every possible error, even potential exploit cases (like someone calling functions with nil or deleting stuff from the Explorer)? Or should I just keep it simple, since a normal client would never run into those issues anyway?

Here’s an example:

Normal version (clean, assumes everything is valid):

local function ClearGuiObjects(...)
    for _, GuiObject in ipairs({...}) do
        if GuiObject == SongsScrollingFrame then
            for _, Child in ipairs(GuiObject:GetChildren()) do
                if not (Child:IsA("ImageLabel") or Child:IsA("UIListLayout")) then
                    Child:Destroy()
                end
            end
        elseif GuiObject == InformationsFrame then
            for _, Child in ipairs(GuiObject:GetChildren()) do
                if not (Child:IsA("UICorner") or Child:IsA("UIStroke")) then
                    Child:Destroy()
                end
            end
        end
    end
end

Safe version (defensive, handles exploit/invalid cases):

local function ClearGuiObjects(...)
    for _, GuiObject in ipairs({...}) do
        if GuiObject == SongsScrollingFrame and GuiObject:IsA("ScrollingFrame") then
            for _, Child in ipairs(GuiObject:GetChildren()) do
                if not (Child:IsA("ImageLabel") or Child:IsA("UIListLayout")) then
                    Child:Destroy()
                end
            end
        elseif GuiObject == InformationsFrame and GuiObject:IsA("Frame") then
            for _, Child in ipairs(GuiObject:GetChildren()) do
                if not (Child:IsA("UICorner") or Child:IsA("UIStroke")) then
                    Child:Destroy()
                end
            end
        else
            warn("[ ClearGuiObjects ] Invalid GuiObject:", GuiObject)
        end
    end
end

You don't need to protect against issues on the client that are caused by people editing the client because then it's their own problem if the game doesn't work. You should however make your server side code so that the client cannot be edited to exploit the server truth (items, levels etc).

exactly

Alr thank you, so for example, should I keep pcall around Sound:Play() and Sound:Stop() on the client, or is it unnecessary since they won’t error in normal conditions?

local function SafeMenuSound(Sound, Play)
    local Success, Error = pcall(function()
        if Play then
            Sound:Play()
        else
            Sound:Stop()
        end
    end)
    
    if not Success then
        warn("[ SafeMenuSound ] Sound :", Sound, "-> failed to play/stop:", Error) -- ?
    end
end

Uh.. why do you need a pcall on a.. sound..

💔

im confused

In case an exploiter delete the sound after the function is called or idk

Don't worry about exploiter destroying his own game

Alr thanks, so warn and protection is only if the game itself can break thinks

yeah only care about what can happen in your game, if a exploiter destroys the sound is only his problem as they can only act through his client side, in fact, protect your communication between client and server or viceversa

Again for example, so here i should remove the if not, bc it's should alway be true ? @cold dust :

local function PlayRandomTypingSound()
    local typingSounds = MenuSounds:FindFirstChild("KeyClicks_Folder") and MenuSounds.KeyClicks_Folder:GetChildren()
    if not typingSounds or #typingSounds == 0 then
        return
    end

    typingSounds[math.random(#typingSounds)]:Play()
end

MenuSounds and the KeyClicks_Folder are always where they should be, so I don’t check them ? If an exploiter deletes or moves the folder, that’s their problem ?

exactly, but where is typing sounds and all that?

Ho sorry yeah MenuSounds is a folder in soundservice where all the sounds for my menu are, and another folder in that folder where all the sounds should play when we press a key