我应该采取哪些措施来保护我的Google Maps API密钥？ [英] What steps should I take to protect my Google Maps API Key?

问题描述

当我获得我的密钥时提供的示例显示了请求参数中嵌入的密钥，例如：

我已经获得了Google Maps API密钥。 / p>

 < script src =http://maps.google.com/maps?file=api&amp;v=2& ; amp; sensor = true_or_false& amp; key = my-keytype =text / javascript>< / script> 
  

我明白请求中的referrer字段必须与我的域匹配，可以安全地使我的密钥可见在脚本标签和类似的？或者还有其他步骤我应该采取？

解决方案

考虑到密钥必须包含在 < script>< / code> HTML页面的标签，从谷歌的服务器加载JS文件/数据，没有什么可以做的：



• 您必须将其放入您的HTML文件中


• 每个人都可以看看这些文件。

然而，这并不重要：如果有人试图在另一个域名上使用此密钥，他们将得到一个Javascript警报 - 这对于其他用户来说并不好。

所以：

• 没有什么可以做的;这是它的工作方式


• 并且没什么需要担心的，我会说。
  

I have obtained a Google Maps API key for my domain.

The examples provided when I obtained my key show the key embedded in request parameters, for example:

<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;sensor=true_or_false&amp;key=my-key" type="text/javascript"></script>

I appreciate that the referrer field in requests must match my domain, is it safe to make my key visible in script tags and the like? Or are there any other steps I should take?

解决方案

Considering that key has to be included in the <script> tags of your HTML pages, to load the JS files/data from google's servers, there is nothing you can do :

• you must put it in your HTML files
• every one can take a look at those.

Still, it doesn't really matter : if anyone tries to use this key on another domain than yours, they will get a Javascript alert -- which is not nice for ther users.

So :

• There is nothing you can do ; this is the way it works
• And there is not much you should worry about, I'd say.

这篇关于我应该采取哪些措施来保护我的Google Maps API密钥？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！