On Feb 17, 8:59 pm, mmf <[email protected]> wrote: > warden, do you mean by "validation" checking the referer of the user > client to see if the user client operates based on my website? Is that > a secure way? I heard that there are browser plugins which allow to > supress the transmission of the referer ...
I deliberately didn't specify any particular validation! Referer header is one way, but as you say it can be spoofed fairly easily. Cookies are another easily-implemented method which is less easy to spoof. A method such as that outlined by Marc is more secure stil. You could even use (or combine OAuth with) a one-off request id which you keep track of in a server-side database and which you need to have issued before a client request can use it; and having used it it can't be used again. Andrew --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
