2

How can you prevent a spike in firebase billing costs? For instance if a client gets compromised and starts sending billion of reads to firestore, this is very dangerous.

I am aware of the security rules to limit what info can be accessed. That doesnt solve the amount of reads being made though. How can I limit the risk of a a compromised client making unlimited reads? Why is it not possible to cap billing anymore when it spikes to ridiculous levels due to a hostile attack?

Only thing I can think of is writing my own api for it and provide limits. But isn't that the whole point of a serverless service like firebase not having to do that.. Thanks very much!

FriedrichCoen
  • 259
  • 1
  • 2
  • 9
  • 1
    *firebaser here* It is indeed no longer possible to set a spending limit on Firestore. That feature used to be inherited from Google App Engine, but was dropped at some point. The closest available is setting up tight budget alerts. If you get unexpected abuse of your project, [reach out to Firebase support](https://firebase.google.com/support/contact/troubleshooting/) for personalized help in troubleshooting. They're usually quite good at helping in such cases. – Frank van Puffelen May 13 '20 at 15:04

0 Answers0