How are firebase services are protected from DOS attacks? I'm specifically looking for some pointers on services for firestore, cloud storage and cloud functions. Are there any options available for application teams to apply throttling limits by on a project level or service level or individual service level in case of cloud functions?
Asked
Active
Viewed 1,459 times
1
-
1This has been covered quite a few times already, so I recommend reading these and posting back if you have concrete questions that haven't been covered yet: https://www.google.com/search?q=site:stackoverflow.com+how+to+protect+firestore+project+from+DOS+attacks – Frank van Puffelen Dec 20 '20 at 05:47
1 Answers
2
The best way would be to not expose your Firestore read/write access directly and to abstract it using REST APIs.
In the Firebase Docs here:
... you can integrate popular Node.js middleware offerings to build additional security layers, like access management by IP or protection from denial-of-service (DDoS) attacks.
There is a pretty thorough example of how to achieve this in Node.js here using throttling and debouncing: Take a look at the answer to this question
Ayushya
- 364
- 1
- 8