Firebase Database User Quota

148 views

Skip to first unread message

Robert Budźko

unread,

Feb 2, 2017, 9:46:01 AM2/2/17

to Firebase Google Group

Hi,

I'm struggling to understand how one can control usage of Firebase Database. Write and Read can be controlled by permissions. Write can be strictly controlled, because implicitly bases on the state written and being written. Read is different though - we might allows particular user to read some stuff, but on other hand we would like to restrict him not to be able to do it too often, because we know that it does not make sense to read more then 10 000 times per day. We are also facing uncontrolled bandwidth usage here.

How can we achieve throttling client in a secure way?

Thank you,

Robert

Tom Larkworthy

unread,

Feb 2, 2017, 1:50:37 PM2/2/17

to Firebase Google Group

So we have a few techniques for write throttling:-

http://stackoverflow.com/questions/24830079/firebase-rate-limiting-in-security-rules

Its not ideal but for read throttling a workaround could be

- client writes a "read access token" + server timestamp under a location keyed by their auth.uid

Security rules:

- enforce write throttling on the read access token writes

- read are predicated on the existence of a read access token within a reasonable timewindow for the reader

Its not normally an issue that come up, because reads are implemented using listen streams which are efficiently syncronized and kept up to date, its not usually an issue that a client "sends lots of read requests". The typical ways to get the server to resend the same data is to unsubscribe to listens, use the once functionality, or read using the REST API. So if there is the ability to migrate the read path towards listens that are never unsubscribed, that might be a better way to deal with high read bandwidth, although without context of your application I am not sure if that's possible.

Tom

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/bb3d73da-e5da-4538-8478-eef9a1a75fdd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward

0 new messages