Hi all,
I know this question has been touched on before, however, I have a proposal that I would like some of the more well-seasoned Studio-goers to help me understand.
I’m currently laying foundations for an audit-log system, to document some script events, admin command use, among other things. There’s an interface planned to allow our moderators and developers to read these logs and achieve some special actions as well. If it’s at all possible, I’m trying to avoid even allowing regular players to have this interface and information. Yes, I can gatekeep remote events and functions by checking the appropriate UserId, but this is a question of hiding content from clients altogether.
I’ve come across some articles outlining some tricky ways of ‘replicating to specific clients’, but I’ve played around with an idea here and there and was wondering if it’s an acceptable way of achieving this.
Rather than putting the user interface in ReplicatedStorage, or in the PlayerGui service and selectively hiding it from localscripts, wouldn’t it be more secure to store the interface on the server, and ‘manually’ clone it into the Players PlayerGui folder from the server?
Here’s a demonstration of this concept.
As you can see, using a server script to clone a ScreenGui from the server to the Players’ PlayerGui object achieves what I’m looking for. It’s simple and seemingly secure. Is it? Is this a viable method?
I read through another article that this method is ‘not what PlayerGui was intended for’. I’d like to know more if this is actually the case, and why, if possible(and whether or not it matters).
Thanks for any help,
– Cyton