如何在Ionic / Cordova应用程式中确保我的Google Maps Javascript V3 API金钥？ [英] How to secure my Google Maps Javascript V3 API Key within an Ionic/Cordova App?

问题描述

我目前正在开发一个Ionic应用程式，内含Google地图。 Google Maps V3 API建议使用API​​密钥来跟踪使用情况。事情是当我创建一个API密钥为浏览器使用我只能通过指定引用来保护我的API密钥。现在我在移动设备上没有引荐来源网址，所以我可以做些什么来避免其他人也可以使用我的API密钥？

I am currently developing an Ionic app where I have an embedded Google Map. The Google Maps V3 API recommends using an API key for tracking usage. The thing is when I create an API Key for browser usage I can only secure my API key by specifying referrers. Now I don't have a referrer on mobile devices so what can I do to avoid that other people can also use my API key?

推荐答案

我看到它的方式有两个选项：

The way I see it you have two options:

1. 你不能保护它，因为为了有人得到他们将需要从您的应用程序中提取它的关键。在大多数情况下，即使有人获得密钥，他们会怀疑他们会使用它的任何恶意，因为他们只能得到自己的密钥。这是一个风险，你必须逐个项目评估，并决定是否是你可以容忍的东西。


2. 第二个选项是将其固定到特定的引荐来源，然后欺骗您的设备上的网络视图使用的引荐来源网址。有几个例子，堆栈溢出如何做到这一点。请参见在嵌入式UIWebView中指定HTTP引荐来源

1. You can not secure it at all, since in order for someone to get the key they will need to extract it from your application. In most cases even if someone were to obtain the key, it is doubtful they would use it for anything malicious since they could just get their own key. This is a risk you have to assess on a project by project basis and decide if it is something you can tolerate.
2. The second option is to secure it down to a specific referrer and then spoof the referrer being used by your web views on the device. There are a few examples on stack overflow on how to do this. See Specifying HTTP referer in embedded UIWebView

无论如何，有人可能会得到你的密钥，并用它代表你提出请求。他们可以通过欺骗引用者自己，即使你去的路由，因为它是由客户端浏览器提供的头。

Either way, it is still possible for someone to get your key and use it to make requests on your behalf. They could do it by spoofing the referrer themselves even if you go that route since it is a header provided by the client browser.

这篇关于如何在Ionic / Cordova应用程式中确保我的Google Maps Javascript V3 API金钥？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！