Stop Building Exploits Into Your Game: A Lesson On How To Secure Your Server

This isn’t “UI management” like what you’re referring to. This is an admin gui that will only be parented to people who join and are deemed as an admin. That is why it is managed on the server; if it were managed on the client, the client would be able to see it and do as they please with it. But, since only admins will have it parented to them, it will be managed by their client afterwards.

The entire point of my post is that there is no need whatsoever for the average client to be able to see this gui; not only is it a waste of memory, but exploiters will be able to see it. And securing bizarre admin usage can take quite a bit of time in order to not be abused. But, had you just taken the two seconds to only register its existence on the client when that person is the person who needs it, that subverts everything else that was previously required.

It is though. You’re managing the existence of the UI on the server, when the server should only be used to allow the client to fire actions which replicate. The client on the other hand should be responsible for managing the interface and experience of this communication. If you’re too worried about memory, simply destroying the GUI on the client can suffice.

You’re managing the existence of the UI on the server, when the server should only be used to allow the client to fire actions which replicate.

What does an arbitrary rule matter when following said rule is worse than if you didn’t? It’s worse in this case, since again it would take far longer and be worse if you let everyone see it, whereas it’s 2 seconds to just have it inactive sitting in server storage, and then clone, parent when needed.

I have the feeling you aren’t visualizing what I’m saying too well; caviarbro’s repro file in the post linked below is exactly the approach I am talking about.

Anyway, I think we’re going off topic now for long enough, if you wanna pick this back up feel free to dm me :+1:


Sorry for bump, just wanted to point this out.

Clients are actually able to access other people’s UIs from my experience. You have to protect the RemoteEvent regardless. All it is is a new location, and it’s making no difference. Sure you could do that to minimize visibility to the Remote itself, but that doesn’t mean it’s “fully secure”.

It’s just like having it in ReplicatedStorage hiding in a folder. It’s still downloaded to the client.

Reason I know other UIs are accessible from the client is because I’ve tested similar situations before within Studio (which acts just like any exploiter’s powers would be like locally).

Protecting is important regardless.


no_gui_repro.rbxl (33.3 KB)

Please make sure your experience is actually correct.

All it is is a new location, and it’s making no difference. Sure you could do that to minimize visibility to the Remote itself, but that doesn’t mean it’s “fully secure”.

Generally true, but you’re omitting too much detail here. If in no possible case will that remote event ever be replicated to anybody besides a player determined by the server to be valid, it is, by all intents and purposes, secure.

It’s just like having it in ReplicatedStorage hiding in a folder. It’s still downloaded to the client.

It’s not like that at all; unlike ReplicatedStorage, PlayerGui is not replicated to other players. If it were, it’d be a HUGE engine flaw, as tons of bandwidth would be used when players update their gui; it may even make the game unplayable.

Reason I know other UIs are accessible from the client is because I’ve tested similar situations before within Studio (which acts just like any exploiter’s powers would be like locally).

Again, if you’re going to present these claims to other people as evidence, please re-test them and submit your findings as evidence.
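The two points argued above (clone the admin GUI out of ServerStorage only for admins, and still check the RemoteEvent on the server) can be combined in one server Script. This is an added example, not code from any post in this thread or from the attached repro file; the names `AdminGui`, `AdminAction`, `ADMIN_USER_IDS` and the `Kick` action are assumptions made for illustration.

```lua
-- Server Script (for example in ServerScriptService). Added example.
local Players = game:GetService("Players")
local ServerStorage = game:GetService("ServerStorage")

-- Assumption: constructed placeholder UserId; use your own admin source.
local ADMIN_USER_IDS = { [123456] = true }

-- Assumption: a ScreenGui named "AdminGui" in ServerStorage containing a
-- RemoteEvent named "AdminAction". ServerStorage is not replicated to clients.
local template = ServerStorage:WaitForChild("AdminGui")

-- Allow-list of actions; any other action name sent by a client is dropped.
local ACTIONS = {
	Kick = function(admin, target)
		target:Kick("Removed by an administrator")
	end,
}

local function isAdmin(player)
	return ADMIN_USER_IDS[player.UserId] == true
end

local function onAdminAction(sender, actionName, targetUserId)
	-- `sender` is filled in by the engine, not by the client. Re-check it on
	-- every call so the handler does not rely on who was given the GUI.
	if not isAdmin(sender) then return end
	-- Every remaining argument is client-controlled: validate type and shape.
	if type(actionName) ~= "string" or type(targetUserId) ~= "number" then return end
	if targetUserId % 1 ~= 0 then return end -- rejects fractions and NaN
	local handler = ACTIONS[actionName]
	local target = Players:GetPlayerByUserId(targetUserId)
	if handler and target then
		handler(sender, target)
	end
end

Players.PlayerAdded:Connect(function(player)
	if not isAdmin(player) then return end -- non-admins never receive a copy
	local gui = template:Clone()
	gui.ResetOnSpawn = false -- keep the GUI when the admin's character respawns
	gui.AdminAction.OnServerEvent:Connect(onAdminAction)
	gui.Parent = player:WaitForChild("PlayerGui")
end)
```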

Must have been a recent change. Before, users were able to look at other people’s PlayerGui. Although 0 changes would replicate, it still allowed the Local Player to change anything they want about that UI.

Not sure if something internal was done to prevent that or if Roblox just recently fixed it with an announcement I didn’t see.

Not sure if Team Creates are just different, but scripts from other players have certainly worked on other people’s UIs in the past. I don’t jot note everything when a change is made so you can’t really expect me to know when they changed it.

I stand corrected.

I don’t jot note everything when a change is made so you can’t really expect me to know when they changed it.

You don’t have to. Like I said in my last post, it’s just a very good practice, whenever you make a claim, to ensure that this claim is still true; that way, you also have some tangible evidence to give if the opposition needs a source (which they generally will).


Roblox is usually never quick to change something when it happens to fall under a niche category of problems.

You’re right however, and I would have done a check if I was able to at the time.
