When the player joins the game and his data is loaded, I am creating object values in a Folder for the player with the intention to refer to this folder to do changes to and even to access its data for the Gui.
I was thinking which is the safest way to put the Folder at to avoid unwanted problems such as duping from a trading system.
Should this Folder be in ServerStorage or ReplicatedStorage?
I would say ServerStorage, however I would like to confirm.
I would say serverstorage as replicatedstorage can be seen by all clients
Either is fine assuming you’re using FilteringEnabled.
If you want the client to be able to read the data easily without using RemoteEvents or RemoteFunctions, I’d say throw it into ReplicatedStorage. This way the clients can easily look-up the data, though always do validation server-side incase the clients change the data on the client. This would also allow clients to spoof values on their screen (ie, if you hook a UI to update when “money” value changes, it’ll change on the UI even if the client runs code to change it. This obviously will not reflect on the server so you can validate just fine.
Otherwise, having it in ServerStorage would mean you must make the client fetch data through a RemoteEvent. The client can still spoof this on their end (ie, for a money UI) but its slightly more difficult and also wouldn’t reflect on the server so you can validate just fine. This also is more inline with modern practices. I’d recommend this route.
Thanks!