
I am creating an Android app where users can play games and earn a single coin at each win. I have already implemented security rules for my Firestore user data. Rule No. 1: Only an authenticated user can do anything (mostly read/write). Rule No. 2: Only an authenticated user can insert coins into their own document (this will prevent anyone from changing others' coin information).

But my problem is: Firestore bills monthly for the TOTAL NUMBER OF READS and WRITES. Suppose a hacker tries to make a BILLING ATTACK on my Firestore database, ending up with a huge bill.

Even if I write a security rule that checks the timestamp of the incoming request against the user's timestamp, it again costs 1 read for each request.

I don't know how to enforce a security policy where a user can't make many Firestore request calls at a time.

Example: If a hacker made 1000 requests X per minute => costs a huge bill. Can anyone help with how to enforce a security rule that will block a hacker from a DDOS attack (billing attack)?

I need a security practice with which I can prevent hackers from a DDOS / billing attack.

  • No one can DDOS a Google Cloud service. They are massively scalable and have protections against this form of abuse. Billing for usage is entirely up to you, however. If you give someone access to read a document directly, you can't stop them from reading that document as much as they want. If you are worried about your bill, set up a [budget alert](https://cloud.google.com/billing/docs/how-to/budgets) so that you can choose to shut down your project if you think it's going to exceed your budget. – Doug Stevenson Aug 06 '23 at 13:16
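
The three rules the question describes (authenticated access, owner-only coin writes, and a timestamp check on each write), sketched as Firestore Security Rules. This is an added example, not the asker's rules and not part of the comment above; the `users/{uid}` path, the `coins` and `lastWin` field names and the 60-second interval are assumptions.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Assumed layout: one document per player at users/{uid}.
    match /users/{uid} {
      function signedIn() { return request.auth != null; }
      function isOwner()  { return signedIn() && request.auth.uid == uid; }

      // Rule 1 from the question: only authenticated users may read.
      allow read: if signedIn();

      // Rule 2: a player may create only their own document,
      // starting at zero coins and stamped with the server time.
      allow create: if isOwner()
        && request.resource.data.keys().hasOnly(['coins', 'lastWin'])
        && request.resource.data.coins == 0
        && request.resource.data.lastWin == request.time;

      // Timestamp check: one coin per accepted write, and at most one
      // accepted write per 60 s (assumed interval). `resource` is the
      // document being updated, so the rule makes no get()/exists() call.
      // The client must send lastWin as a server timestamp so that it
      // equals request.time.
      allow update: if isOwner()
        && request.resource.data.diff(resource.data).affectedKeys()
             .hasOnly(['coins', 'lastWin'])
        && request.resource.data.coins == resource.data.coins + 1
        && request.resource.data.lastWin == request.time
        && request.time > resource.data.lastWin + duration.value(60, 's');

      // Players cannot delete their own record.
      allow delete: if false;
    }
  }
}
```

These rules cap how often a coin write is accepted per user; they do not limit how often a permitted document is read, which is the point the comment makes about budget alerts.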

0 Answers