Hi all! I'm currently in my final year of studies and am writing my final thesis. We are currently researching some related work, and I am very interested in Google's solution to key verification for client-server requests.
>From what I've understood, the api-key is a hash of the domain name entered on the registration page. 1. Does anyone know what hash-function it is? Secondly, when this key is provided together with the ajax loader script request, the downloaded script already has some default values set, such as google.loader.KeyVerified. 2. How this is done, (HTTP_REFERER?) and how is spoofing avoided? Or is spoofing at this stage not an issue? 3. Given that the key could not be verified on server-side, when is it verified against window.location.host? 4. Is this check run before every subsequent request to Google? If not, how frequently is it run? 5. What were the security considerations of the technical team when they implemented the key verification mechanism? I understand if this is somewhat a secret, and not something to be discussed in an open forum, but I would really appreciate your help in giving me solid facts for writing this part of the thesis. If you prefer to, you can contact me via e-mail: [EMAIL PROTECTED] Thanks a lot in advance, Patrik Ã…kerstrand, Sweden ps. Any discussion about solutions, strengths and weaknesses, in this area would also be greatly appreciated. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
