Hi Mike, Thanks for your answer. I believe that I understand most of it now, except this:
On Jul 23, 7:44 pm, Mike Williams <[email protected]> wrote: > When I try to use the key, I send the API key to a Google server, and it > decyphers the URL part using their secret key to recreate the Hash. In > early API releases, the Hash was just returned to main.js. Main.js > encodes variants of the URL to see if any of them produce the Hash. It > current versions of the API that validation is also performed in the > server. So the comparison was previously done in the JavaScript part. It must be quite easy for someone with bad intentions to use their own version of Main.js to bypass this check? And do you know how the validation in the server is done? I am mainly thinking where it gets the domain name of the server from. Is it transferred using JavaScript? - Jesper --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
