I have an address, I need to get the coordinates of it, then retrieve some PDF based on that.
For the coordinates, I’m using GMaps. If the address is unambiguous, then it’s easy.
But if the address is ambiguous (not found or more than one coordinate is returned), then I show a static HTML with gmaps json, and allow the user to choose a coordinate. The clicked coordinate is returned to me as a GET request on a specific URL. This is the async part.
Now I put every needed data in that callback URL, protecting it with a MAC, but the data flow is disrupted here.
To get the PDF, I check the address, possibly serve the static HTML for clicking the coordinates, and “get back to work” in a separate handler, for a separate (hopefully not forged) request, continuing the flow.
This continuation disturbs me. Is there a better way for doing this, or a better way to think about it, to avoid the uneasiness?
Maybe I was naive when I said that I can secure the staticHTML -> gmaps js -> service chain, as after serving the staticHTML, a malevolent client can do anything with it. Only an asymmetric crypto could help, but I don’t know whether this really needs it.
Tamas, what are you trying to accomplish exactly?
Get the coordinates for an address by showing a google maps page to the
And do this in one run, without a callback, if possible.
Ernesto Jimenez email@example.com wrote (date: Oct. 18, 2015,
Just having a quick look at the project I see a big issue. You are storing state in the backend in memory: the Interactive's content and the mac’s key are the first things that I saw.
That’s very problematic:
- If your server is restarted in the middle of a user’s session, their session will be broken.
- You can just have one server process running rather than having more than one behind a load balancer.
My first tip would be to keep all that state out of memory.
Also, keep in mind that assigning a user the coordinates based on the geocoding of the address without having the user be able to confirm that might produce the wrong result. Geocoders are not perfect and there are cases where you might be given the wrong set of coordinates.
You’re right, that Interactive is not usable ATM. I’m trying to translate a service written in Python, which has a handler which gets an ID, fetches the address from the database, calls gmaps api to get the coordinates for it. If it returns exactly one coordinate, then updates the db with that and uses those coordinates to fetch the PDF from another service, and both store it in another service and serve it to the user.
This “serve the html, and that may call the ‘set’ service someday” is what bothers me a little bit. But I see no other solution.
I’ve tried to protect the “set” service with a MAC, but now I’m confused, is it possible at all?
That’s why I think now that this whole MAC protection is ineffective and too much complexity for nothing.
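
An added example, not part of the thread and not the project's code: a stateless MAC-signed token for the "set" callback, showing which fields the MAC can bind (record ID and expiry, chosen by the server) and which it cannot (the clicked coordinates, chosen by the client and therefore validated separately). The function names, the `CALLBACK_MAC_KEY` variable and the token layout are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, time

# Assumption: the key lives in shared configuration (a hypothetical environment
# variable) rather than being generated in memory, so a restarted or second
# server process verifies the same tokens. The fallback is a constructed demo value.
KEY = os.environ.get("CALLBACK_MAC_KEY", "constructed-demo-key").encode()

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(record_id, ttl=900, now=None):
    """Sign the server-chosen state: which record, and until when."""
    now = time.time() if now is None else now
    payload = json.dumps({"id": record_id, "exp": int(now) + ttl},
                         sort_keys=True).encode()
    tag = hmac.new(KEY, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)

def verify_callback(token, lat, lng, now=None):
    """Return (record_id, lat, lng) or raise ValueError."""
    now = time.time() if now is None else now
    try:
        p64, t64 = token.split(".")
        payload, tag = b64d(p64), b64d(t64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    expected = hmac.new(KEY, payload, hashlib.sha256).digest()
    # Constant-time comparison, done before the payload is parsed or trusted.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC")
    state = json.loads(payload)
    if state["exp"] < now:
        raise ValueError("token expired")
    # The coordinates come from the client and are not covered by the MAC,
    # so they get ordinary input validation instead.
    lat, lng = float(lat), float(lng)
    if not (-90 <= lat <= 90 and -180 <= lng <= 180):
        raise ValueError("coordinates out of range")
    return state["id"], lat, lng
```

The token travels in the callback URL the static HTML calls, so no per-session state has to stay in the server's memory between serving the page and receiving the click.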