The development plan in firebase has a hard limit of "50 connections".
A connection is an open network connection to our servers. It’s a measure of the number of users that are using your app or site simultaneously.
Meaning that a user that opens 2 browser tabs to my application, uses 2 connections that stay open until he closes the tabs (or the application decides to close the connection).
Doesn't this mean that my application could be an easy target for DoS attacks? I mean, any bad guy could simply write
for(var i = 0; i < 51; i++) window.open('http://www.firebaseapp.com');
in a javascript console to disable access for other clients to any data. Or not?
Do I have to prevent this with any (my-)server side code, checking for ip's and such?
Don't worry about DDoS attacks against your Firebase. They keep an eye on that kind of stuff for you.
If you have a paid plan, pricing is based on the 95th percentile of your concurrent connections. In other words, if those bursts are less than 5% of your traffic, it's no problem anyway.
All that being said, if you suspect your Firebase is being DDoS'ed, ping Firebase's support team.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With