7

I would like to limit the rate of data reads per user from the Realtime Database. There are good ways to limit writes like described here but I can't find any solution on how to limit data reads.

Can this be done with Security Rules, Cloud Functions or can I limit it somewhere in the Firebase account? I have checked the documentation but can't find the answer.

Dave
  • 2,684
  • 2
  • 21
  • 38

1 Answers1

4

This applies to both Realtime Database and Firestore, except with different terminology. (Location == document)

You won't be able to do this without also writing some value at a location in the database every time a read is performed. You can't write a location in a security rule, and you can't force the client to write at the same time as a read.

Even if you were able to write a location in a rule to use in a rate limit, you would then have to read that location for every read that must be limited, and that kind of defeats the purpose of a rate limit (since they could continue to try to read a restricted location in a way that just causes more reads to happen).

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
  • Thanks for information. Is there a way to limit read operations per second per user with quotas like in the Google Cloud Platform? – Dave Feb 03 '19 at 23:22
  • 1
    No, you can't. You can file a feature request, though. http://firebase.google.com/support/contact/bugs-features – Doug Stevenson Feb 03 '19 at 23:25
  • 13
    @DougStevenson So using Firebase (RTDB or Firestore) means anyone will be able to hack your app to explode your reads and potentially make you go bankrupt? That must be wrong. – gustavopch Sep 27 '19 at 17:03
  • 7
    No support for rate limits is truly crazy. I just filed a feature request here: https://firebase.google.com/support/troubleshooter/report/features/ . I would suggest you do the same so this can be taken care of. – Alex Gogl Jan 07 '20 at 12:22