If It is stored on the client, then an exploiter can access it. If your admins got hacked then the hacker will probs have an exploiting client. So store it on the server.
1 Like
Sorry if this is a bad question, but which part of the Roblox studios is the client? Like workspace, serverscriptstorage, etc.
I’d suggest calling it something like an “access key”, and also, you should store the keys on the server-side and validate the submitted key with a remote event.
Which part of Roblox studios is sever side I’m sorry if it’s a bad question.
Its a perfectly fine question, Things like serverscriptstorage, serverstorage are only viewable by the server. Workspace, Replicated storage, and replicated first are both viewable by the server and client
I know there’s a solution but this topic has been covered countless time and I just want to say I don’t believe the solution is correct. As it’s been stated by people including my self collecting personal data no matter what it’s used for is not allowed by the TOS and COPA law (COPA is for >13). Personally if I were you I’d just add some sort of script where users, groups, or group ranks can only access this panel or stick with the traditional add admin command. Remember it’s very risky cause some users might make the password their current password or they might be logged wether that’s by someone intercepting it or the person who made it which is highly in violation of the TOS and US/UK/Etc Laws.
1 Like
The password is provided for them and only my staff can access it.
Are they also other articles that have covered this?
If you read through the other topic we discuss it’s still technically private info so if they’re under 13 it violates COPA. Also who says it won’t be intercepted if they put in their real password. It’s a very slippery slope and I think you should steer clear from using any sort of password system no matter the circumstances.
All my staff are 13+ and the password is the same for everyone and only my staff have it
The op isn’t trying to collect personal data, they have an admin panel, then the admin inputs a password provided by the owner of the game. He isn’t trying to make admins put their roblox password into the box, but rather the password that the owner gave them (So that way if their account gets hacked, the hacker won’t know the password to put into it, only the staff, and account owner know the password).
(Unless I don’t fully understand what the op is trying to make / do)
EDIT: Plus, the owner can simply state that when someone gets hired, they automatically agree to something like this.
2 Likes
Thank you that’s exactly what I meant.
If Roblox moderation were to review a report on this they’d see collecting personal data. You have to remember to think about it from all angles. The first thing they would most likely see is a place for your password, there’s no specific indication the password was provided, the word password instead of verification code raises some questions if it’s a scam, new users putting their real passwords out and they get leaked. It’s just very risky and I feel like if you’re better of avoiding this system even though it seems cool.
A password isn’t personal data:
You can’t identify someone just by knowing only their password.
EDIT: And if someone decides to put in their address / whatever personal info inside the “type password” box instead of a password, then hit the enter key, then thats their problem not the developers.
Just teach your admins about online security. That way their accounts don’t get compromised anyways. My Roblox account has like 30 characters long random password, 2 factor authentication, pin, I use different password on every site, my email has 2fa too so you would need access to my phone in order to get through, I don’t click any random links, I don’t download anything suspicious etc. Getting through that security just to mess around with my Roblox game would be worthless considering that would take millions of years even on the best computer possible to crack that or high skill of compromising accounts through security vulnerabilities.
See when you go off of something off of non-Roblox related their definitions will very. I know it’s not related to a login GUI in the TOS but under Cheating and Exploiting it clearly states that passwords are person information.
Any sort of personal information that is taken whether it’s foreign or domestic is 100% the Developers issue and fault. With this system they’re allowing that chance and when a Developer allows a chance just to seem different or what not, they’re not talking personal information and safety into concern and there for makes it their issue. We’ve seen countless Developers banned for this same reason of using a system that is old/unstable when there’s another one and when it’s venerable Roblox will take action. We have to remember as Developers everything we do has a consequence and Roblox Moderation won’t see it through our eyes and sometimes taking the safe route will save you. Honestly I’d see if you can contact a Roblox Moderator and talk it over with them.
The password is PROVIDED for them…
1 Like
Yes I’m aware but Roblox Moderation have no way of knowing that. I feel like everyone with this question keeps fishing for an answer they’re looking for. Dude it’s not worth it. As I’ve stated it could be intercepted and if they put in their real password unknowingly and it’s found out you’re the one to blame. I’m trying to help you understand Roblox Moderation will see it as a risk created by you there for on you and you shouldn’t risk it. Plus someone can easily leak the Staff passwords.
My staff clearly knows that the password is provided for them, they are all above 13, so they all have common sense. I can easily change the password and they know not to leak it.