Hi,
We are integrating DMA Maps with Google Maps and Customer security department raised the following questions:
- Which information will be sent to Google?
We plan to create a layer presenting Geo coordinate (Long / Lat) and VSAT Network KPI on the site (Latency, Traffic, Signal Strength, etc.…). - Which mechanism is implemented by SKYLINE for protect the API Key in the code (script on browser)?
Sergio Abreu [SLC] [DevOps Advocate] Selected answer as best 6th July 2022
- Our DataMiner Maps application loads in the Maps JavaScript library from Google and executes methods from this library. I can't say what information Google sends to itself and what information they collect, we have no control over this. Google provides more details about this in the Google Cloud Platform portal (see project settings, privacy & security). You must agree to their terms (including their data processing terms) to be able to use the Google Maps JavaScript API. In case you have concerns, we have alternatives, DataMiner Maps can also be used with OpenStreetMap and OpenMapTiles (which can be hosted offline).
- The browser has to know the API key to be able to pass it on to Google, so inside the browser there is no security on this. When configuring your DataMiner with https, then this API key is always transferred securely over the network and the Internet. Users have to authenticate on DataMiner first before they are able to get access to the API key. Note that an API key is always linked to a FQDN (as configured in the Google Cloud Platform portal).
Sergio Abreu [SLC] [DevOps Advocate] Selected answer as best 6th July 2022
No, it’s saved in plain-text in an xml file (MapsServerConfig.xml). I think this is fine because this API key should not be seen as a private key. Google Maps has build-in protection so that this API key can not be used by someone else on another website. There are numerous websites with a Google Maps integration available publicly on the Internet of which you can easily get the API key.
I’m wondering if the API key stored on disk in an encrypted form?