Reputation: 439
Is it possible to Control a flood in Firebase
I am working on an Android app that uses firebase realtime-database to store messages from users for a public chat. Since I am pretty new to firebase security, I was wondering whether it is possible to control a flood of messages to the public chat.
I have implemented the firebase rules as such that,a user needs to be authenticated before sending a message to the public chat.
However I am curious to know whether it is possible to flood the public chat if a user happen to authenticate using firebase javascript or nodejs library and write a loop to send messages continuously. Hence using up the bandwidth set for my firebase app.
Below is an example of my Firebase database design for the public chat node
"exmaplePublicChatName":{
"message1":{
"timestamp": 324324324,
"uid": "uid",
"message": "message1"
},
"message2":{
"timestamp": 324324234,
"uid": "uid",
"message": "message2"
}
}
Upvotes: 1
Views: 586
Answers (1)
Reputation: 5339
you can use ".write": "!data.exists()" for testing if the same data is repeated also ".validate": "newData.child('timestamp').val() <= root.child('exmaplePublicChatName').child(messageId).child('timestamp').val() - 2000" to test the difference between the two messages is 2 seconds or not no one can hack, broke or guess the random id generation of firebase
Upvotes: 1
Related Questions
- Securing Google Firebase from DDOS / attackers and prevent surprise bills
- Firebase rate limiting in security rules?
- Limiting a Firebase Realtime Database Query
- Securing Firebase Realtime Database while keeping optimisations
- How to limit rate of data reads from Firebase?
- Limit the number of user in Firebase Realtime database
- How to ensure data security in Firebase?
- Firebase Android Banning Users
- Firebase Realtime Database Limit Exceed
- How to limit concurrent connections on Firebase Android