
Hope you guys are all doing well. I just have a quick question regarding Firebase: does Firebase have any sort of way to detect malicious users?

The scenario I am imagining is that some user downloaded my app and for whatever reason wrote some script or something that just continuously reads and writes to my Firebase Firestore and/or Storage.

I am wondering if Firebase has any built-in functionality that detects any unusual amount of reads/writes from a single user, or what are some ways I can prevent a user from, say, reading and/or writing more than 100 times within 1 min?

Thanks

  • You can limit the number of documents being queried at once using the Firestore security rules: https://firebase.google.com/docs/firestore/security/rules-query#evaluating_constraints_on_queries – Harkal Sep 30 '20 at 19:18
  • If you want to implement a (per user or global) write rate limit in Firestore security rules, have a look at: https://stackoverflow.com/questions/56487578/how-do-i-implement-a-write-rate-limit-in-cloud-firestore-security-rules – Frank van Puffelen Sep 30 '20 at 22:13

1 Answer

Firebase doesn't have any per-user accounting. If you want to record what each user is doing and enforce limits, you'll have to implement that yourself. Security rules also will be of little help to you enforcing overall read limits. You will have to:

  1. Force all users to access the database through a backend you control
  2. Send the identity of the user along with the request
  3. Record somewhere how much that user has read and written
  4. Refuse to perform more queries if that limit is exceeded, for whatever threshold or duration you define.

In short, it's a lot of work you have to do yourself.

Doug Stevenson
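The four steps in the answer above, sketched as an added example that is not part of the original answer or of any Firebase API: a per-user sliding-window quota a backend could apply before touching Firestore. `UserRateLimiter`, `handleRequest` and `performQuery` are hypothetical names, the 100-operations-per-minute threshold comes from the question, and the in-memory `Map` is an assumption that only holds for a single backend instance (multiple instances need a shared store).

```javascript
// Added example: per-user sliding-window quota enforced in a backend.
// Assumption: `uid` comes from an ID token the backend has already verified;
// never trust a uid that the client merely states in the request body.
class UserRateLimiter {
  constructor({ limit = 100, windowMs = 60_000, now = Date.now } = {}) {
    this.limit = limit;       // max operations per window (100, per the question)
    this.windowMs = windowMs; // window length (1 minute)
    this.now = now;           // injectable clock, so the logic can be tested
    this.log = new Map();     // uid -> [{ t, cost }], oldest first
  }

  // Step 3: drop events older than the window and return current usage.
  usage(uid) {
    const cutoff = this.now() - this.windowMs;
    const events = (this.log.get(uid) || []).filter((e) => e.t > cutoff);
    if (events.length) this.log.set(uid, events);
    else this.log.delete(uid); // keep no state for idle users
    return events.reduce((sum, e) => sum + e.cost, 0);
  }

  // Step 4: charge `cost` operations (documents read or written) or refuse.
  tryConsume(uid, cost = 1) {
    if (typeof uid !== "string" || uid === "") throw new TypeError("verified uid required");
    if (!Number.isInteger(cost) || cost < 1 || cost > this.limit) throw new RangeError("cost must be an integer in 1..limit");
    const used = this.usage(uid);
    const events = this.log.get(uid) || [];
    if (used + cost > this.limit) {
      // Work out when enough of the oldest events expire to free capacity.
      let freed = 0, retryAfterMs = this.windowMs;
      for (const e of events) {
        freed += e.cost;
        if (used - freed + cost <= this.limit) { retryAfterMs = e.t + this.windowMs - this.now(); break; }
      }
      return { allowed: false, used, retryAfterMs };
    }
    events.push({ t: this.now(), cost });
    this.log.set(uid, events);
    return { allowed: true, used: used + cost, retryAfterMs: 0 };
  }
}

// Hypothetical handler (steps 1 and 2): every request goes through the limiter.
async function handleRequest(limiter, uid, cost, performQuery) {
  const verdict = limiter.tryConsume(uid, cost);
  if (!verdict.allowed) return { status: 429, retryAfterMs: verdict.retryAfterMs };
  return { status: 200, body: await performQuery() };
}
```

Charging `cost` per document rather than per request keeps a single large query from slipping under the limit.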