Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Development plan in Firebase easily "DoSsable"?

Tags:

firebase

The development plan in firebase has a hard limit of "50 connections".

A connection is an open network connection to our servers. It’s a measure of the number of users that are using your app or site simultaneously.

Meaning that a user that opens 2 browser tabs to my application, uses 2 connections that stay open until he closes the tabs (or the application decides to close the connection).

Doesn't this mean that my application could be an easy target for DoS attacks? I mean, any bad guy could simply write

for(var i = 0; i < 51; i++) window.open('http://www.firebaseapp.com');

in a javascript console to disable access for other clients to any data. Or not?

Do I have to prevent this with any (my-)server side code, checking for ip's and such?

like image 310
Roman Avatar asked Oct 10 '13 09:10

Roman


1 Answers

Don't worry about DDoS attacks against your Firebase. They keep an eye on that kind of stuff for you.

If you have a paid plan, pricing is based on the 95th percentile of your concurrent connections. In other words, if those bursts are less than 5% of your traffic, it's no problem anyway.

All that being said, if you suspect your Firebase is being DDoS'ed, ping Firebase's support team.

like image 54
mimming Avatar answered Nov 18 '22 05:11

mimming