Reputation: 425
Should we allow user upload directly to Google Firebase Storage?
I'm building an app that allows users to upload pictures and videos to Google Firebase Storage through an Android application. But I was thinking about an attacking scenario when an attacker tries to upload executable files or extremely heavy files (says 1 TB). To prevent that, I think I will let the client-side upload the file through Cloud Function instead (so we can verify the file before saving it). But if I solve the problem that way, then it will be very inefficient because we need to send the whole file's data to the cloud function.
So, should we allow users to upload file directly to the storage. And if yes, how can we prevent such attacking scenario (and similar ones)
Upvotes: 0
Views: 181
Answers (1)
Reputation: 1945
You can configure you Firebase Storage rules to only allow files of specific size.
For example, if you want to only allow files less than 2MB, then you can do this:
allow write: if request.resource.size < 2 * 1024 * 1024;
You can read more about it here.
Upvotes: 1
Related Questions
- Uploading files from Firebase Cloud Functions to Cloud Storage
- How to properly upload files to Firebase Storage from client?
- Firebase storage allow firebase function to upload files without authentication
- Upload Image to Firebase storage and Cloud functions
- Uploading to Firebase Storage from a Google Cloud Function
- Upload images to firebase storage with rest api
- Firebase Storage really needs a user to upload files?
- Firebase Storage/Bucket public upload with node.js
- firebase storage upload from google cloud storage java api
- Should I be uploading to Google Cloud Storage directly from an Android App?