Reputation: 729
Prevent users to read an entire collection in Firestore?
I have a collection with around 30 thousands documents. My security rules are configured so that only authenticated users can read such documents from this collection. I cannot add more constraints regarding read operations for this specific collection. When using my app, up to 50 documents are averagely returned, depending on the query. Is there any way to prevent a malicious user to download the entire collection in Firestore?
Upvotes: 3
Views: 1001
Answers (1)
Reputation: 598817
To limit the number of documents a user can read at once, you can include a limit in your security rules as shown in the documentation on securely querying data:
allow list: if request.query.limit <= 50;
Keep in mind that rules are not filters, so the application code will also need to include this (or a lower) limit in its code.
Upvotes: 3
Related Questions
- Allow Read access to one specific collection in Firebase Firestore
- Firestore rules to read only one collection and rest of the database restricted
- Firestore security rules. Allow reading a full collection (documents and subcollections)
- Firestore security rule to limit reads to use collectionGroup(..)?
- View only certain collections by user on Firebase/Firestore
- Firebase/Firestore How can I give a permission specific collections in Firestore?
- Android - Get only accessible collections in Firestore
- Prevent reading a certain collection
- How can I restrict access to collections when using Firestore's REST API
- How to restrict users from reading data from Firestore documents?