Thread: [SailfishOS] Pure Maps
View Single Post
otsaloma's Avatar
otsaloma is offline otsaloma
2018-08-26 , 12:04
Posts: 141 | Thanked: 1,530 times | Joined on May 2011 @ Finland
#27
Originally Posted by rinigus View Post
Looks like someone used my keys for MapQuest for DDOS attack or some other use. While we are using "Open" versions of geocoder and router, someone used their regular geocoding and directions service. As a result, instead of ~150 calls by Pure Maps users, 16000 were done in addition wiping out monthly quota.

Osmo, MartinK: has something like it happened for you?
Ouch. I have noticed some "extra" use, of Mapbox if I recall correctly, basically stats showing use of some particular services that I hadn't shipped with Poor/WhoGo Maps. But that was such small scale use that I didn't bother to react to it. I haven't seen anything that could be called malicious.

But, I have thought about this, the obvious first thing to do is to revoke the key and get a new one. The next step would be to remove the keys from the source and when running qml/qmlscene, read them from environment variables and when building the RPM, write them from environment variables into JSON. The keys would still be installed as plain text, but getting them away from GitHub might help. Plain text files in RPMs and on devices could still be a problem, but that seems more difficult to solve.
 

The Following 11 Users Say Thank You to otsaloma For This Useful Post: