Google Releases API for Google Maps
Elyscape writes "The Google Blog announced today the release of an API for Google Maps. While the use of the API requires a key that limits the owner to 50K pageviews a day, which is similar to but far more generous than Google's Web Search API, Google notes that they are willing to work something out with website owners who expect to breach that large barrier. This release definitely opens the door for (or, at least, eases the creation of) more advanced Google-Maps-based applications. On the negative side, it broke several current Google-Maps-based sites, such as ChicagoCrime.org. So get started! Go to the Google Maps API home, sign up for a key, and go wild! (Note: going wild may entail fixing broken sites. It does not necessarily entail actually visiting the wild.)"
If your browser lets JavaScript code erase your hard drive, you've got bigger problems than worrying about whether Google is going to do something malicious.
Don't blame me; I'm never given mod points.
They obviously don't release the code for the API... how do you know that when you call a function from the API, it's not doing something malicious? How do you know they aren't using it to track users, send malicious code, etc.? Granted, it's Google, but still?
The API is written in JavaScript, the code for which is open by nature. The code is obfuscated/compressed, but it's easy to expand it out to readable syntax. This code is not going to do something on the client side without everyone knowing it. That's not to say they're not doing tracking on the server side... but that's another matter entirely.
You've got a very good point that none of the other repliers seem to have noticed.
External Javascript somebody else supplies is *BAD*. Not "can delete your hard drive" bad, but "can rob your cookies and molest your website" bad.
Example: You are an admin for a large company using a popular content management system. You think this is a useful addition to your website, so you add in the code. A wayward Google employee rigs some of the Google servers to transmit malicious Javascript 1% of the time. You visit the new page to check everything is working, the malicious Javascript transmits your cookies containing your admin details to an external server, and now the wayward Google employee has complete write access to your website.
There is built-in protection from malicious Javascript. Unfortunately, it doesn't apply in these circumstances. The secure way of doing this is to copy the (known-safe through whatever means) Javascript to your own server instead of referencing Google's version. Unfortunately, this is against their terms of service.
This is a really big security hole that people don't seem to pay attention to. I've noticed people trusting password bookmarklets written in this style and all sorts. Basically, if you include other people's Javascript in your website with <script src="http://example.com/...">, then you are implicitly trusting example.com with all of your users' cookies, etc.
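An added example, not part of the thread: one way to see which outside origins a page trusts through `<script src>`. It lists every cross-origin script in an HTML document, and notes whether each is fetched over plain HTTP and whether it carries a Subresource Integrity `integrity` attribute. The sample page, `admin.example.org`, the hosts and the paths are constructed placeholders.

```javascript
// Added example: audit which third-party origins a page trusts via <script src>.
// SAMPLE_HTML is constructed for illustration; all hosts and values are placeholders.
const SAMPLE_HTML = `
<html><head>
<script src="/js/site.js"></script>
<script src="http://example.com/api.js?key=PLACEHOLDER"></script>
<script SRC='https://example.com/widget.js' integrity="sha384-PLACEHOLDER"></script>
<script>var inline = 1;</script>
<script src="//cdn.example.net/lib.js"></script>
</head></html>`;

// Parse the attribute text of one opening tag into a lower-cased name -> value map.
function parseAttrs(text) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per external script whose origin differs from the page's.
// Simplification: assumes no ">" appears inside attribute values.
function auditScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) continue;                 // inline script, no remote origin
    const src = new URL(attrs.src, page);     // resolves relative and "//host" URLs
    if (src.origin === page.origin) continue; // first-party script
    findings.push({
      origin: src.origin,
      url: src.href,
      plainHttp: src.protocol === "http:",    // alterable in transit
      pinned: Boolean(attrs.integrity),       // content fixed by an SRI hash
    });
  }
  return findings;
}

// Distinct origins whose code runs with the page's privileges.
function trustedOrigins(findings) {
  return [...new Set(findings.map((x) => x.origin))].sort();
}

console.log(auditScripts(SAMPLE_HTML, "https://admin.example.org/dashboard"));
```

Every origin this reports can run code with the same access to the page as the site's own scripts, which is the trust relationship the comment above describes.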
They put the satellite views in! That lets everyone inject a bit of reality into their web pages. This API is so simple ... soon little maps & satellite images, with GIS overlays, will be dripping from every website.