9

The development plan in firebase has a hard limit of "50 connections".

A connection is an open network connection to our servers. It’s a measure of the number of users that are using your app or site simultaneously.

Meaning that a user that opens 2 browser tabs to my application, uses 2 connections that stay open until he closes the tabs (or the application decides to close the connection).

Doesn't this mean that my application could be an easy target for DoS attacks? I mean, any bad guy could simply write

for(var i = 0; i < 51; i++) window.open('http://www.firebaseapp.com');

in a javascript console to disable access for other clients to any data. Or not?

Do I have to prevent this with any (my-)server side code, checking for ip's and such?

Roman
  • 5,888
  • 26
  • 47
  • 1
    In theory this is possible, but obvious cases of a DoS can be manually flagged by Firebase. It's very difficult to distinguish between a site that's suddenly become popular vs. a site that's actively being DoSed. – Anant Oct 11 '13 at 18:43

1 Answers1

4

Don't worry about DDoS attacks against your Firebase. They keep an eye on that kind of stuff for you.

If you have a paid plan, pricing is based on the 95th percentile of your concurrent connections. In other words, if those bursts are less than 5% of your traffic, it's no problem anyway.

All that being said, if you suspect your Firebase is being DDoS'ed, ping Firebase's support team.

mimming
  • 13,974
  • 3
  • 45
  • 74