I am learning Firebase and I might use it in production. I can not find how to prevent a logged in user to edit javascript code and trigger thousands of reads per day automatically and that I will have to pay for. As far as I know, any user who would like to increase my firebase bill could set a timer by editing javascript code and read and write every 4 seconds where he can in the firestore database. How can you prevent a user read rate per day or hour?
There is no way to set a read limit on Cloud Firestore.
You can implement a write limit in security rules as shown in this answer: How do I implement a write rate limit in Cloud Firestore security rules?. Alternatively you can pass all writes through Cloud Functions, where you can control the rate through your own code.
If you've set your security rules to limit users to the minimum data they need to be able to access, and think you're being abused, reach out to Firebase support for personalized help in troubleshooting.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With