Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Releases API for Google Maps

Posted by timothy on from the google-google-google-google dept.

Elyscape writes "The Google Blog announced today the release of an API for Google Maps. While the use of the API requires a key that limits the owner to 50K pageviews a day, which is similar to but far more generous than Google's Web Search API, Google notes that they are willing to work something out with website owners who expect to breach that large barrier. This release definitely opens the door for (or, at least, eases the creation of) more advanced Google-Maps-based applications. On the negative side, it broke several current Google-Maps-based sites, such as ChicagoCrime.org. So get started! Go to the Google Maps API home, sign up for a key, and go wild! (Note: going wild may entail fixing broken sites. It does not necessarily entail actually visiting the wild.)

3 of 30 comments (clear)

  1. Re:50K Pageviews by Dorktrix · · Score: 5, Informative

    A "page view" is the number of times users download the JavaScript, not the number of map tiles, so it is a fairly high limit for most sites. Also, we are not restricting use of the API to small sites -- we are just asking that sites who have more page views than 50K contact us first to ask permission so we can make sure we can handle the load.

    Bret Taylor
    Product Manager, Google Maps

  2. Re:address lookup? by Mz6 · · Score: 4, Informative

    There are ways to do and have Google do the work for you. Try this: http://maps.google.com/maps?q=White%20House%20Wash ington%20DC&output=js This will generate a blank page, but viewing the source will reveal the XML code, including the Lat/long locations that Google found for the search term. Replace "White House Washington DC" with your street addresses and you should get the points you're looking for. From there it's trivial to parse through the XML and grab the lat/long locations.

    --
    Hmmm.
  3. Re:Technical Question from a non-programmer by Anonymous Coward · · Score: 5, Insightful

    You've got a very good point that none of the other repliers seem to have noticed.

    External Javascript somebody else supplies is *BAD*. Not "can delete your hard drive" bad, but "can rob your cookies and molest your website" bad.

    Example: You are an admin for a large company using a popular content management system. You think this is a useful addition to your website, so you add in the code. A wayward Google employee rigs some of the Google servers to transmit malicious Javascript 1% of the time. You visit the new page to check everything is working, the malicious Javascript transmits your cookies containing your admin details to an external server, and now the wayward Google employee has complete write access to your website.

    There is built-in protection from malicious Javascript. Unfortunately, it doesn't apply in these circumstances. The secure way of doing this is to copy the (known-safe through whatever means) Javascript to your own server instead of referencing Google's version. Unfortunately, this is against their terms of service.

    This is a really big security hole that people don't seem to pay attention to. I've noticed people trusting password bookmarklets written in this style and all sorts. Basically, if you include other people's Javascript in your website with <script src="http://example.com/...">, then you are implicitly trusting example.com with all of your user's cookies, etc.