Include Google Maps API Key in open source project? | ansaurus

tags:

views:

366

answers:

1

+1 Q:

Include Google Maps API Key in open source project?

Is it okay to put your Google Maps API Key into your source code and publish it?

Others could take it and misuse it, but I don't want every developer / user to get their own API key and type it in somewhere. If the owner of the key is responsible, should I create a new google account for the project? (The project is a desktop application in Objective-C and a small developer tool.)

What would be the best way to make this convenient?

+1 A:

I don't think it's legal, but even it were, it's technically impossible, because the Google Maps API Key is tied to your domain name. Google will check the referrer of the HTTP request to validate the key.

The key isn't secret anyway: simply viewing the source of a website using Google Maps reveals the API key.

Philippe Leybaert 2009-07-11 09:05:32

But in case of desktop applications the key is tied to the URL of the download site of the application. So Google can't validate it.

Christian 2009-07-11 09:17:45

The terms of use and FAQ sections on the Google Maps api aren't very clear about that.

Philippe Leybaert 2009-07-11 09:29:27

"You may use the API (except for the Static Maps API) in websites or in software applications. For websites, please sign up with the URL where your implementation can be found. For other software applications, please sign up with the URL of the page where your application can be downloaded."What's not clear about that?

Christian 2009-07-11 09:45:09

I mean that it's not clear if you can distribute the key or not. Wasn't that your question? :)

Philippe Leybaert 2009-07-11 09:48:56

Ah yes, sorry I misunderstood you.

Christian 2009-07-11 10:01:39

related questions

Encryption in C# Web-Services

How Do You Secure database.yml?

ASP.NET LocationProvider

What do you (or your company) use for wiping a machine?

Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

Java: What is the best way to SFTP a file from a server

How do I call a Flex SWF from a remote domain using Flash (AS3) ?

Best way to store a database password in a startup script / config file?

Using VM to get around VPN restrictions

Best references for secure coding practices in ASP.NET and classic ASP.

Secure Memory Allocator in C++

Resolving Session Fixation in JBoss

Best Practices for securing a REST API / web service

Defensive programming

Personal Linux web server

Block user access to internals of a site using HTTP_REFERER

Is there an Unobtrusive Captcha for web forms?

My website got hacked... What should I do?

What all do I need to escape when sending a (My)SQL query?

How do you disable browser Autocomplete on web form field / input tag?

Best .NET obfuscation tools/strategy

Are there best practices for testing security in an Agile development shop?

What is the best way to avoid SQL injection attacks?

Found a critical bug, but the company doesn't care

PHP Session Security