开发者

Why is CoreGui RobloxLocked in the DataModel and why can't trusted users use CoreScripts?

We should be able to access some of it so that we can edit the placement of each GUI object inside of CoreGui. So, other than security reasons, why are we not allowed to edit placement of GUI objects?

Also, why can't trusted users use CoreScripts? What if they need to access HttpGet 开发者_运维知识库so they can provide a nice display showing where their best friend is at the current time and place? SocialService won't always do the trick.

Can a developer (or any other experienced Roblox player, particularly one that knows the UI in and out) please answer these questions to the best of his/her ability?


I asked this in the OBC cast, specifically about editing the UI inside CoreGui. I'm not sure what security reasons could be preventing this, however. They did reply - the answer was, "Well, we definitely don't want you moving the little help icon, or the exit button."

I got the feeling the general reason is because users would become confused if everything was misplaced. For example, if you went into a website where you could play several games all made by that company (like ROBLOX), would you expect the exit or help buttons to me placed differently in every game?

They did say we will be able to change the colours.

Hope this clears things up.


Some GUI objects like the report abuse button we don't want users to have the ability to be able to remove. Another sensitive area is the chat window. If it was completely scriptable, you could write a script to make it look like another user was saying something that he wasn't. This is not really desirable.

HttpGet is currently a privileged function for two main reasons:

  1. It would allow users to get dynamic content into levels, which would make moderation a more difficult task.
  2. Poorly or maliciously written scripts could HttpGet roblox.com in an infinite loop, sapping our server resources.

There was no obvious benefit, but some obvious downsides. We prefer to solve only the problems that need to be solved in order to ship features, so we err on the side of caution for things like this. If we later decide to open up new functionality, like making the ROBLOX social graph available through an API, we can do that with a dedicated interface that limits the number of requests you can make to the website in a given period, and only return the info that we are sure we want you to be able to get.

It's interesting to note that for a very long time Adobe Flash player didn't support TCP sockets for the same reason.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜