2

I am trying to switch from virtual (VE) earth to google map (GM).

It is pretty easy to overlay a georss feed over a map in VE as well as in GM:

var georssLayer = new google.maps.KmlLayer('www.bla.com/kmls/k1');
georssLayer.setMap(map);

Unfortunately, google requires the 'kml address' to be public. What can I do to achieve the same functionality if my address is not public (e.g. when the user has to login before [s]he can enjoy the map)?

Thanks.

Christian

cs0815
  • 16,751
  • 45
  • 136
  • 299

2 Answers2

5

I've thought about this issue before and this is the solution I've come up with (although I haven't implemented it yet).

  • The server code that generates the html page in which the map is embedded should generate a temporary token that is tied to the current user in the database.
  • Make the KML address public, but pass the temporary token to it as a query parameter
  • Include logic in the KML server code that checks the passed token to be sure it is valid
  • The token should only be valid for a limited time.

This solution will be slightly less secure than full id/pw authentication on the KML resource. But by using a short lived token, it may be good enough, depending on your requirements.

Mark
  • 5,499
  • 34
  • 29
1

Now that it's 2023 and using cloud providers is pretty common, I thought I'd give a more specific answer.

All object storage solutions for the top 3 cloud providers have some sort of public, but time-limited access controls. I would probably use that for sharing my KMLs with Google Maps.

  1. Amazon S3 has presigned URLs
  2. Microsoft Azure Storage has shared access signature
  3. Google Cloud storage has signed URLs

All different ways of saying "temporary token." The nice thing is that you don't have to reinvent the wheel.

starball
  • 20,030
  • 7
  • 43
  • 238
ahong
  • 1,041
  • 2
  • 10
  • 22