splash
Welcome
Here is where you could put something about you. You can edit this text in "featured-block.php" in the theme directory.
No Post Found. Add the tag featured to the post you want displayed here.
This will pull the latest post tagged featured.
 

Google Map Tip: Prevent direct linking to your XML data

Posted By bran on February 13th, 2009

I have been recently working on a project integrating Google Maps API. It’s pretty straight forward and Google provides an excellent documention.  After working with the API and developing the custom mapping application, I noticed that the implemention exposes the name of the data file (xml, csv, text, etc) in the JavaScript code, example below (can be seen by viewing page source):

        GDownloadUrl("address.xml", function(data) {
...
)}

Notice the bold area. “address.xml” is the file that contains all the xml data that has been collected and organized. I can pretty much download the file by entering in my address bar:  http://root url/address.xml. Voila, I have basically ripped off someone else’s data to be used as I see fit. Perhaps to create my own map!

I personally do not want to expose the location of my data file and allow others to download it.  To get around this issue, I have implemented a simple solution.

Rather than “address.xml”, I have created a new separate .php file. Let’s call it address.php. In that file, I check the referrer information to ensure that the request comes from the proper location. If it does, write the xml contents. If not, redirect them somewhere else.

<?php

    // prevent direct linking to xml files

 if($_SERVER['HTTP_REFERER'] != '') {

          $xml_string = file_get_contents("xml_location/address.xml");

        echo $xml_string;  

 }else{    
     // redirect them somewhere if they try to direct link to this page
      header( 'Location: http://www.google.com' ) ;

 }

?>

For the Google map, replace xml file with php file

GDownloadUrl(“address.xml“, function(data) {  to:  GDownloadUrl(“address.php“, function(data) {

Simple as that. So if a curious viewer decides to enter “address.php” into there browser, they won’t get any data, just be redirected to some location you decide on.

There are also other ways to do this but IMO this is probably the simplilest and most effective.

Tags: , , , ,

Similar Posts
Posted in tech

Leave a Reply