
Security on Google Maps extension

emoreira
14-Alexandrite


Hello all,

I modified the Google Maps extension to use the HeatMaps APIs and create a heatmap based on some data input. It is working well, but I have a question regarding security: in order to make the authentication I changed the metadata.xml file from the extension to include the AppKey that is required for using these APIs.

metadata.png

What happens is that when I run the Mashup, the AppKey shows up in the developer console, which is definitely not secure. As this API usage has a quota, in case the key leaks it can create unwanted billing. It is possible to define which URLs are allowed in the key configuration, but I still do not feel comfortable publishing the AppKey out there.

indexHTML.png

Does anyone have an idea of how I could secure this information?

Cheers

Ewerton

4 REPLIES
fnilsen
2-Explorer
(To:emoreira)

Hi Everton,

Have you checked out the latest videos on how to integrate security into the mashup using Cryptosoft? If you search for 'cryptosoft', you will find 6 videos, which may answer your questions. In short, the Cryptosoft extension allows you to encrypt and decrypt any data. Let me know what you think.

Kind regards

Frode

fnilsen
2-Explorer
(To:fnilsen)

E.g.

emoreira
14-Alexandrite
(To:fnilsen)

Frode, thanks for the response.

From the videos it looks like it is managing the data in/out, but I did not see anything about cryptography on the client configuration. My question is not necessarily related to the data itself, but to the extension configuration.

To configure it I need to put in the app key, which gets exposed in the client when I access the mashup. This is a problem in the extension setup, not in the data itself.

Would it apply too?

Thanks

Ewerton

smanley
14-Alexandrite
(To:emoreira)

The Google API keys can also be secured from your Google account console so that it can only be used by certain IP addresses and referrer URLs.

  • Restrict your API keys to be used by only the IP addresses, referrer URLs, and mobile apps that need them: By restricting the IP addresses, referrer URLs, and mobile apps that can use each key, you can reduce the impact of a compromised API key. You can specify the hosts and apps that can use each key from the console by opening the Credentials page and then either creating a new API key with the settings you want, or editing the settings of an API key.
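
The referrer and API restriction described in the reply above can also be applied from the command line. This is an added example, not part of the original thread: the key ID, the hostnames and the choice of `maps-backend.googleapis.com` (the Maps JavaScript API service) are assumptions, and the wildcard-host check is a local policy of this script.

```shell
#!/bin/sh
# Added example: lock a browser-exposed Google API key to the mashup's URLs
# and to one API, so a copied key is rejected when used from other sites
# or against other billable APIs.

# Assumption: the heatmap layer is loaded through the Maps JavaScript API.
MAPS_SERVICE="maps-backend.googleapis.com"

# restrict_maps_key KEY_ID REFERRER [REFERRER...]
# KEY_ID is the key's resource ID (see `gcloud services api-keys list`),
# not the key string that appears in the page source.
restrict_maps_key() {
  if [ "$#" -lt 2 ]; then
    echo "usage: restrict_maps_key KEY_ID REFERRER [REFERRER...]" >&2
    return 2
  fi
  key_id="$1"; shift
  referrers=""
  for r in "$@"; do
    # A referrer whose host is only a wildcard restricts nothing: refuse it.
    case "$r" in
      '*'|'*/*'|http://\*|https://\*|http://\*/*|https://\*/*)
        echo "refusing wildcard-host referrer: $r" >&2
        return 1 ;;
    esac
    referrers="${referrers:+$referrers,}$r"
  done
  set -- gcloud services api-keys update "$key_id" \
    "--allowed-referrers=$referrers" \
    "--api-target=service=$MAPS_SERVICE"
  # Print the command for review; it is a dry run unless APPLY=1 is set.
  echo "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Usage (placeholder values):
#   restrict_maps_key KEY_ID_PLACEHOLDER 'https://thingworx.example.com/Thingworx/*'
```

With both restrictions in place the key still appears in the developer console, but requests from other origins or to other APIs are refused; a quota cap on the API in the Google console limits what remains.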