I would like to use Leaflet or a Leaflet-like mobile-friendly library to produce a web map of points of interest, but I am concerned with how easy it is to just scrape the data from the javascript. Is there a way to prevent this?
[GIS] How to prevent data scraping in a web map
leafletSecurityweb-mapping
Related Solutions
For just drawing vectors, Leaflet or OpenLayers will do just fine. Nothing new there.
For vector tiled maps (i.e different resolutions/levels of detail at different zoom levels), TileStache is a simple and good server. I have been using with lots of experiments with Polymaps (AFAIK, the only general-purpose working js tiled vector viewer). Some people have used OpenLayers for adding tiled vector support, but AFAIK, it has not been integrated to trunk in a year, so it probably won't in the near future for lack of interest.
TileStache (the server) itself is working very well. Nevertheless, I have found several bugs with Polymaps and since it is not being updated anymore (abandoned project), I cannot convince myself to use it in production (I'd have to maintain it myself... I can't justify it to myself just yet.)
My solution for me has been to write a custom OpenGL native vector renderer which is used in AmigoCloud. In fact, that is how all maps are rendered in our service. For that purpose, TileStache has delivered quite well.
You want to look at the TileStache Vector Provider. For examples on how to use it, you can look at a very basic vector test suite I wrote.
Sadly, I don't think Leaflet has support for tiled vectors.
What you are encountering is just the initial learning curve. And with GeoServer (which the OpenGeo Suite uses) the learning curve is pretty nice. I'll try to list some concepts for you, and then if you can send me a URL or IP for your server, I can send you an example that uses your layers. For a deep dive in, check out my source code here: https://github.com/gccgisteam/maps-website. These are complicated examples, but use a lot of nice features out of GeoServer.
Here's a really simple map, just Open Street Maps and One GeoServer layer: https://gist.github.com/alexgleith/8ff4794153c7fc0124b3
View it live here: http://rawgit.com/alexgleith/8ff4794153c7fc0124b3/raw/ac7b23726798d0d0c74a3c74912e18f67f1598ab/index.html
Now this example is as simple as it gets. You can add any of the Leaflet plugins or zoom buttons, or whatever.
So, as promised, here's my list of concepts:
- OpenGeo Suite installs GeoServer, Postgres+PostGIS and GeoExplorer
- GeoServer runs in Tomcat, which is a Java servlet container
- GeoServer consumes spatial data (from your file system or a database) and produces a standard API to access that information
- Two main ways to access information are: a) as a rendered image (WMS/WMTS) or vector data (WFS)
- You want to use WMS for displaying many features, and WFS for displaying only one, or for editing (but you can't really edit with Leaflet).
- If you use GeoServer then you want to understand GeoWebCache, which is a intermediary between the consumers of WMS and your server, and it caches things and makes them fast.
Leaflet is just a javascript library for presenting WMS and other data. You should learn what GeoJSON is and how to get it out of a WFS request, but that's for later.
For now, get my GIST and change the WMS layer to point at your server and layer (remember that you have a layer that is referenced with WORKSPACENAME:LAYERNAME). You also probably don't have a reverse proxy in place (which means you can get rid of the :8080) so you will have a URL or IP like http://myserver.com:8080/geoserver.
I hope that helps!
(Oh, final plug, if you get a reverse proxy working and set up Cross Origin Resource Sharing then you can use my new tool, BootLeaf GeoServer. Let me know if I should write something up about reverse proxies and CORS.)
Best Answer
There isn't really going to be a great solution.
If you put your site behind SSL and made your data stuff that your script downloads through AJAX calls, then at least you don't have your data right there in the page or script source nor is it available to packet sniffers but someone could run your page in a script debugger such as Chrome offers and they could grab your data as the script processes it.