TL:DR: Add a setting to make characters run on the server rather than the client.
With the new FilteringEnabled update anti-exploit took a step forward. In places with it enabled, the client became unable to modify anything on the server. If a new script exploit opens, since they only have control of their client they will be unable to do any real damage to servers with the setting enabled or corrupt datastores. But we still have the issue that the client controls it's character. I've done experiments in Studio and even with Filtering it is possible to modify your walkspeed, give yourself tools and teleport. To prevent the next script exploit from modifying characters, I want a new setting.
"CharacterRunsOnServer"
When true, well... characters would run on the server! The only thing the client would be able to do with FilteringEnabled and CharacterRunsOnServer both enabled is give keystrokes, read server values and render. The input would be sent to the server and all processing would be done there. This would mean less lag and (hopefully) no exploitable holes meaning ROBLOX could spend less/no time patching and more time developing updates.
|