如何谷歌地图api键安全在网站上 [英] How to google maps api keys safe on website
问题描述
我在我的网站上使用google maps api并想使用我的API密钥,但我对如何保证它的安全感到困惑。我知道我可以直接将实际密钥硬编码到index.html
I am using the google maps api on my website and would like to use my API key, but I'm confused about how to keep it safe. I know that I could just hardcode the actual key right into index.html
<!DOCTYPE html>
<html>
<head>
<script src="https://maps.googleapis.com/maps/api/js?v=3.exp&sensor=false&key=HARDCODED_KEY"></script>
然后它就在那里,任何人都可以看到他们查看网站的源代码。如果有人用Firebug等调试工具查看网站,我也不希望它出现在DOM中。
But then it's right there for anyone to see when they view the source code for the site. I also don't want it to show up in the DOM if someone's viewing the site with a debugging tool, like Firebug.
我假设有一种方法将它存储在我可以提供的单独文件(可能在我的html /目录之外)中。如果有人能提供一个例子或评论这种方法是否相对安全,我真的很感激帮助。我找到了关于这个主题的其他帖子,但没有一个适用于这个(相对简单的)案例。
I'm assuming that there is a way to store it in a separate file (probably outside my html/ directory) that I can source. If anyone could provide an example or comment on whether this approach would be relatively secure, I'd really appreciate the help. I've found other posts on this topic, but none that apply for this (relatively simple) case.
推荐答案
只需设置引用,如文档中所述:
Just set the referrers, as mentioned in the documentation:
为了防止其他应用程序使用您的密钥并使用您的
配额,您可以将可以使用API密钥的IP地址限制为
发送请求:
To prevent other applications from using your key and consuming your quota, you can limit the IP addresses that can use your API key to send requests:
访问Google Developers Console并使用您的Google
帐户登录。
选择签署
up时为您创建的项目。项目名称将以Google Maps API for Work开头。
在左侧的
侧边栏中,选择凭据。
在Public API Access标题下找到您正在使用
的密钥,并单击编辑允许的IP。
输入
接受密钥的IP地址,每行一个。
您也可以使用CIDR表示法输入子网(例如192.168.0.0/22)。
Visit the Google Developers Console and log in with your Google account.
Select the project that was created for you when you signed up. The project name will start with Google Maps API for Work.
In the sidebar on the left, select Credentials.
Find the key you're using under the Public API Access heading, and click Edit allowed IPs.
Enter the IP addresses from which your key is to be accepted, one per line. You may also enter a subnet using CIDR notation (e.g. 192.168.0.0/22).
此外,您可能会出现之后使用此问题你设置推荐,我认为你会发现它很有用。
Also you may come up with this question after you set the referral, I think you'll find it useful.
这篇关于如何谷歌地图api键安全在网站上的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
