I am having a charity website, which stores how much money are donated to different projects in a public Firestore database (Read access - public, Write access - none). Basically that is fine for security, but what if a hacker maliciously sends millions of reads to the public documents. That will increase my bill a lot. How can I prevent this from happening, while simultaneously keeping the data publicly accessible.
Asked
Active
Viewed 598 times
2
-
2In GCP you have [Cloud Armor](https://cloud.google.com/armor/docs/security-policy-overview), a product specifically defined for preventing DDoS attacks. The problem is that it depends on global load balancing and Firestore does not require it because its own load balancing capabilities. In any way, please, take a look at the product, maybe it could be of help. – jccampanero Dec 28 '20 at 11:01