Well its in the most general sense, its impossible to make it totally 'secure'.
If the data can be 'seen' on screen, it can be copied. Its been downloaded to the users computer, so they can somehow extract it. Particully as the Maps API works in a javascript enviroment, and most browsers its relatively easy to 'inject' code, so a user can intercept the data do something with it. The two main techniques, are to 'limit' results, only let the client download small amounts of data. Just the amount they 'need', to limit damage if leaked (this is typically what Google Maps does). Use rate limiting, to prevent making too many requests (even if each reply is small, a script can just loop and make lots of requests) ... the other to just make it harder. Make the 'cost' of obtaining the data (in time and effort) not worth the bother. For example could add some sort of verification token to the URL, so even if someone copies the reference file's URL, and tries to access it, then token will have expired. Have the 'key' needed to create this token, obtained though a side-channel (eg a cookie attached to some specific request) - the 'attacker' has to then 'find' a token as well, which makes it more complicatd. Can also use obscure data-formats, encode the data in some way. (rather plain lat/longs in the data-file, use a different encoding) - not impossible to decode for an attacker, but they also then have to find and extract the decoding function from your code (and can also obfuscate your source code). (there is also server side rendering. Rather than sending raw data for processing and display, render it, into a format which makes it harder to extract. Eg drawing map tiles, extracting raw data from image files is harder. Although someone could perhaps then just use your images tiles directly) (Google Maps uses all these tricks to 'protect' the data that is exposed in the Maps API!) On 20 October 2016 at 11:24, BeeRich <beer...@gmail.com> wrote: > Hi folks. > > Just wondering if there is a way to shove a JSON reference/file into a > GMap securely from a database. I don't want my database scraped, but I > want to provide data from a URL if possible, based on an AJAX request to my > server based on map boundaries. > > I haven't been able to find much on this sort of thing. Any insight > appreciated. I thought stuff like this would be easy to find, given how > popular GMaps are. > > Cheers > > -- > You received this message because you are subscribed to the Google Groups > "Google Maps JavaScript API v3" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to google-maps-js-api-v3+unsubscr...@googlegroups.com. > To post to this group, send email to google-maps-js-api-v3@ > googlegroups.com. > Visit this group at https://groups.google.com/group/google-maps-js-api-v3. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Google Maps JavaScript API v3" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-maps-js-api-v3+unsubscr...@googlegroups.com. To post to this group, send email to google-maps-js-api-v3@googlegroups.com. Visit this group at https://groups.google.com/group/google-maps-js-api-v3. For more options, visit https://groups.google.com/d/optout.
