react-native-geocoder

Security concern for Google Key

Open sandropoluan opened this issue 7 years ago • 4 comments

```js
import Geocoder from 'react-native-geocoder';
// simply add your google key
Geocoder.fallbackToGoogle(MY_KEY);
```

Is it safe to put the KEY in a JavaScript file (client side)? Will it not be readable by someone?

sandropoluan, Jul 08 '17 07:07

You can use react-native-dotenv and keep your keys outside the code

sibelius, Jul 08 '17 12:07

@sandropoluan, the app keys can still be reverse engineered. You will need to design your app with that in mind.

brunsy, Aug 02 '17 00:08
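
An added example, not part of the original thread or the react-native-geocoder project: a small scanner showing that a Google API key can be recovered from a built bundle whether it was hard-coded or injected from a `.env` file at build time. `FAKE_KEY` and both bundle fragments are constructed, the fragments assume the build inlines the `.env` value into the shipped JavaScript, and the `AIza` plus 35 characters pattern is the commonly documented Google API key shape.

```javascript
// Added example: audit a built JS bundle for embedded Google API keys.
// Google API keys commonly look like "AIza" followed by 35 URL-safe characters.
const GOOGLE_KEY_RE = /AIza[0-9A-Za-z_-]{35}/g;

// Mask a key so the audit report does not leak it a second time.
function mask(key) {
  return key.slice(0, 6) + '...' + key.slice(-4);
}

// Return one finding per key occurrence in the bundle text.
function findGoogleKeys(bundleText) {
  const findings = [];
  for (const m of bundleText.matchAll(GOOGLE_KEY_RE)) {
    // Look at the 40 characters before the key to see how it is used.
    const before = bundleText.slice(Math.max(0, m.index - 40), m.index);
    findings.push({
      masked: mask(m[0]),
      offset: m.index,
      // True when the literal is passed straight to Geocoder.fallbackToGoogle(...)
      passedToFallback: /fallbackToGoogle\(\s*["']?$/.test(before),
    });
  }
  return findings;
}

// Constructed placeholder with the right shape; not a real key.
const FAKE_KEY = 'AIza' + 'EXAMPLE'.repeat(5);

// Constructed bundle fragments (simplified): key hard-coded in source...
const hardCoded =
  `var Geocoder=require("react-native-geocoder");` +
  `Geocoder.fallbackToGoogle("${FAKE_KEY}");`;
// ...and key kept in .env but inlined into the bundle at build time (assumption).
const fromDotenv =
  `var _env={GOOGLE_KEY:"${FAKE_KEY}"};` +
  `Geocoder.fallbackToGoogle(_env.GOOGLE_KEY);`;

// Both builds ship the key in plain text inside the app package.
console.log('hard-coded:', findGoogleKeys(hardCoded));
console.log('from .env :', findGoogleKeys(fromDotenv));
```

A hit in a release bundle means the key is recoverable from the shipped app, so it should be treated as public and restricted on the provider side.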

To comment on this, I think it is definitely not safe; however, I don't think there is any alternative to this if you want to fall back to the Google API solely from the client app. The fallback thing is optional though, so it is up to each one whether they want to risk exposing their key or not. Would adding this warning to the README.md documentation be enough in order to close this issue?

victorbadila, Sep 11 '17 13:09

I know this is stale, but you have to place your API key in the client-side application for the client-side Google Maps API to work. That being said, they allow you to restrict access to IP addresses, referrer URLs and mobile apps. Client-side Maps API keys are everywhere; you just have to restrict access to them appropriately to avoid being exploited. See https://stackoverflow.com/a/39625963/5380634 and https://console.developers.google.com

gareys, Jun 09 '18 04:06