Secure MySQL database markers on Google Map


Cole

Sep 3, 2011, 11:02:01 AM
to google-map...@googlegroups.com

Is there any way to secure the data points on a Google Map?

I am new to Google Maps and just completed the tutorial "Using PHP/MySQL with Google Maps" (which I wouldn't have been able to complete without help from this community, so Thank You All!) but I noticed after I was done that my data doesn't seem very secure... all someone would need to do to take my data is go to the URL of the .php file referenced in the HTML and all of my XML is displayed. If someone wanted they could just copy that data into Excel and presto, data successfully taken.

Main webpage: www.courtsofsorts.com
XML: http://www.courtsofsorts.com/phpsqlajax_genxml.php5 (how can I prevent someone from taking this??)

Is there any way to prevent this or make my database information more secure?

Thanks,

Cole

Jeremy Geerdes

Sep 3, 2011, 11:36:14 AM
to google-map...@googlegroups.com
Ultimately, there is no way to fully secure any code that will be utilized in the browser.

Jeremy R. Geerdes
Generally Cool Guy
Des Moines, IA

For more information or a project quote:

If you're in the Des Moines, IA, area, check out Debra Heights Wesleyan Church!

--
You received this message because you are subscribed to the Google Groups "Google Maps JavaScript API v3" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-maps-js-api-v3/-/RycYvQTvcPYJ.
To post to this group, send email to google-map...@googlegroups.com.
To unsubscribe from this group, send email to google-maps-js-a...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-maps-js-api-v3?hl=en.

Cole

Sep 3, 2011, 11:44:01 AM
to google-map...@googlegroups.com
As I guessed, I figured there would be no way to fully secure the data. However, is there a way to make my data more secure than it is now?

Andrew Leach

Sep 3, 2011, 11:59:27 AM
to google-map...@googlegroups.com
On 3 September 2011 16:44, Cole <colebr...@gmail.com> wrote:
> As I guessed, I figured there would be no way to fully secure the data.
> However, is there a way to make my data more secure than it is now?

Your PHP script could check the Referer header of the request, which
gives an indication of where the request came from (although it's not
foolproof and can be spoofed). Requests for your data should come only
from your page.

If your main webpage is generated dynamically, you could include some
sort of [encrypted] timestamp which is returned to the server with the
data request; if the timestamp is invalid or more than ten minutes old
(say), don't serve the data requested. Encryption and decryption are
handled on the server, so you don't need to give the method away, and
you can make the key forty characters long if you wish, to deter
retyping.

Both of those methods will stop speculative retrievals of your data
without using the main web page, although they are not foolproof and
both could be spoofed. However, once markers are returned and
displayed on a map, they are fair game. And Firebug makes it easy.

You could keep track of the IP address each request comes from and
only serve data if the request rate or number of requests made is
reasonable, rather like Google's APIs do. You might even end up
blacklisting certain addresses completely. Again, IP addresses can be
spoofed (although that's less easy than other headers) and a blocked
IP address can usually be circumvented simply by reconnecting.

If you don't serve the data requested, do serve valid XML! That means
your page will look for real data and won't cough when it doesn't find
any; and if the data returned is inspected there might be an
indication of what's wrong (even if that's only "Invalid request").
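
A sketch of the timestamp and Referer checks described in the reply above, with a refusal that is still valid XML. This is an added example, not code from the thread or the tutorial. It uses an HMAC-signed timestamp in place of an encrypted one; `SECRET`, the function names, the `t` parameter and the `error` attribute are assumptions.

```php
<?php
// Added example. SECRET, the function names, the "t" parameter and the
// error attribute are assumptions; keep the real secret outside the web root.
// hash_equals() needs PHP 5.6 or later.
const SECRET  = 'replace-with-a-long-random-server-side-secret';
const MAX_AGE = 600; // ten minutes, as suggested in the reply
const SITE    = 'www.courtsofsorts.com';

// Called while rendering the main page; the page appends ?t=<token>
// to its request for the marker XML.
function make_token($now)
{
    return $now . '.' . hash_hmac('sha256', (string) $now, SECRET);
}

// Returns true only for an untampered token no older than MAX_AGE.
function token_is_valid($token, $now)
{
    $parts = is_string($token) ? explode('.', $token, 2) : array();
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    $expected = hash_hmac('sha256', $parts[0], SECRET);
    if (!hash_equals($expected, $parts[1])) { // constant-time comparison
        return false;
    }
    $age = $now - (int) $parts[0];
    return $age >= 0 && $age <= MAX_AGE;
}

// The Referer header is client-supplied, so this only filters casual requests.
function referer_is_ours($referer)
{
    return parse_url((string) $referer, PHP_URL_HOST) === SITE;
}

// At the top of the XML-generating script, before querying MySQL:
$token   = isset($_GET['t']) ? $_GET['t'] : '';
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

header('Content-Type: text/xml');
if (!token_is_valid($token, time()) || !referer_is_ours($referer)) {
    // Refuse with well-formed XML so the map page parses it and shows no markers.
    echo '<?xml version="1.0"?><markers error="Invalid request"/>';
    exit;
}
// ...the existing query and marker output continue here...
```

Anyone who loads the main page still receives a valid token, so this deters direct fetches of the XML URL rather than preventing copying of markers already shown on the map.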

Cole

Sep 3, 2011, 12:18:31 PM
to google-map...@googlegroups.com, andrew....@gmail.com

Interesting ideas, now I just have to learn how to implement them and determine if the effort is worth it in the end. Thanks for the reply!

Overall, I am less concerned about someone trying to access the database that shouldn't be, although I guess that should be a valid concern of mine. I am more concerned with someone simply reading my HTML then pulling up the page with all of my XML, where it then becomes a simple copy paste to take the data.

Both of the methods above sound more geared towards securing the actual database, but what about the creation of the XML by me and the fact that it is just sitting out there, do either of those help that issue?

Andrew Leach

Sep 3, 2011, 12:54:15 PM
to google-map...@googlegroups.com
On 3 September 2011 17:18, Cole <colebr...@gmail.com> wrote:
>
> Both of the methods above sound more geared towards securing the actual
> database, but what about the creation of the XML by me and the fact that is
> just sitting out there, do either of those help that issue?

Everything I suggested is securing the delivery of your data, not the
database itself (which should have its own password, IP address, etc.).

Sean Patrick Goodwin

Sep 3, 2011, 11:09:48 AM
to google-map...@googlegroups.com
I used this, it was simple and did the job. http://www.zubrag.com/scripts/password-protect.php


--
Sean Patrick Goodwin
