On Feb 17, 8:59 pm, mmf <[email protected]> wrote:
> warden, do you mean by "validation" checking the referer of the user
> client to see if the user client operates based on my website? Is that
> a secure way? I heard that there are browser plugins which allow to
> supress the transmission of the referer ...

I deliberately didn't specify any particular validation! Referer
header is one way, but as you say it can be spoofed fairly easily.
Cookies are another easily-implemented method which is less easy to
spoof. A method such as that outlined by Marc is more secure stil. You
could even use (or combine OAuth with) a one-off request id which you
keep track of in a server-side database and which you need to have
issued before a client request can use it; and having used it it can't
be used again.

Andrew
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google Maps API" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/Google-Maps-API?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to