mighty roost
I have a admin panel system. Is this safe to make sure no exploiters can access the gui?
game.Players.PlayerAdded:Connect(function(plr)
local ui = game.ServerStorage.UI.AdminPanel
if plr.UserId == 1486646411 then
ui:Clone().Parent = plr.PlayerGui
print("Admin Panel Loaded")
end
end)
wary warren
Exploiters could probably not access the gui but if you use remote events to connect the input from the Admin Panel be always sure to recheck information on the server as i am pretty sure exploiters can spam remote events. Correct me if im wrong tho.
swift magnetBOT
** You are now Level 8! **
mild birch
Exploiters could probably not access the gui but if you use remote events to con...
nah ur right
mild birch
I have a admin panel system. Is this safe to make sure no exploiters can access ...
exploiters can always make UI appear so yea client sided it doesnt need to be safe
mighty roost
exploiters can always make UI appear so yea client sided it doesnt need to be sa...
This is serversided
so I think its impossible to access
and even if they can access it it checks again
first check whenever a event is fired through the panel is if plr.UserId == 1486646411 then
mighty roost
ohh I see
Since the serverside has access to playergui I thought it would be safe to add it in straight from a serverscript
brave blade
as long as you do server-side checks to verify that the user sending the request is permitted, you should be good.
fringe monolith
@brave blade @mild birch @mighty roost But can't exploiters pass a different player? like can't they pass a player instance, get the game owner's ID and just add it to the player instance passed to the server?
I'm asking bc I know of a game that had trouble with this trading system because exploiters were accepting trades as if they were the other player
regal cipher
first check whenever a event is fired through the panel is if plr.UserId == 1486...
This is already good.
blissful sigil
<@1306765351471812648> <@943513371213455360> <@1241468716122767412> But can't ex...
What is blud yapping about
mighty roost
<@1306765351471812648> <@943513371213455360> <@1241468716122767412> But can't ex...
That’s the id. Pretty sure the plr is just the player itself and the clients cant spoof that.
fringe monolith
That’s the id. Pretty sure the plr is just the player itself and the clients can...
Ooh thanks, thank you
mild birch
Ooh thanks, thank you
im pretty sure they can spoof it but idk how it works and I think you'll have to be pretty good at exploiting
blissful sigil
im pretty sure they can spoof it but idk how it works and I think you'll have to...
No?
You can't trick your player id.
mighty roost
You can't trick your player id.
you can use a fake userid if thats what its looking for but its impossible to fake as another player pretty sure
mild birch
No?
I’m pretty sure that if you reverse-engineer the Roblox client and intercept or modify how remote events are sent, you might be able to impersonate another “player.” However, those communications are probably encrypted, and the server likely uses a key that attackers don’t have, so they can’t decrypt or forge valid packets. In other words, I doubt this is possible in practice - if it were, it would likely already be a thing.
regal cipher
im pretty sure they can spoof it but idk how it works and I think you'll have to...
No one can spoof
This sanity check is already good
mild birch
This sanity check is already good
thats just the UI it doesn't really matter if it gets cloned from serverstorage or is replicated into all clients cause he needs to make safety checks for the remote events anyways