Open HaseebLUMS opened 4 years ago
Yeah, I need to improve security quite a bit. I kept the Firebase config public in case someone wants to clone and run. Thinking of using a separate config on my end so it doesn't interfere. Do you know if Firebase provides some sort of rate limiting (without needing to create authentication accounts)? I don't want to force people to log in.
@RafaeNoor maybe this is what you are looking for? https://stackoverflow.com/questions/24830079/firebase-rate-limiting-in-security-rules but I think this guy is having users log in...
This looks promising, I'll check this out too!
Currently, a CSRF PoC can be generated and automated to clutter your DB with random data, which can lead to various problems.
Implement some sort of rate limiting based on IP which will make it difficult (yeah, only difficult) to do this.
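
The per-IP rate limiting suggested above, sketched as an added example (not code from this project or from any commenter). It assumes database writes go through a server-side endpoint that can see the client IP; `IpRateLimiter`, its options and the sample address are hypothetical.

```javascript
// Sliding-window rate limiter keyed by client IP (hypothetical helper).
// Assumption: it runs in a server-side endpoint that performs the database
// write on the visitor's behalf, so anonymous users are limited without login.
class IpRateLimiter {
  constructor({ limit, windowMs, maxKeys = 10000 }) {
    this.limit = limit;       // allowed writes per window, per IP
    this.windowMs = windowMs; // window length in milliseconds
    this.maxKeys = maxKeys;   // cap on tracked IPs so the limiter itself cannot be flooded
    this.hits = new Map();    // ip -> ascending timestamps of allowed writes
  }

  // Returns { allowed, retryAfterMs }. `now` is injectable for testing.
  check(ip, now = Date.now()) {
    const cutoff = now - this.windowMs;
    const recent = (this.hits.get(ip) || []).filter((t) => t > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(ip, recent);
      return { allowed: false, retryAfterMs: recent[0] + this.windowMs - now };
    }
    recent.push(now);
    this.hits.delete(ip); // re-insert so Map order runs from least to most recently active
    this.hits.set(ip, recent);
    this.evict(cutoff);
    return { allowed: true, retryAfterMs: 0 };
  }

  // Drop IPs whose last write left the window, then the least recently
  // active ones while the table is over its cap.
  evict(cutoff) {
    for (const [ip, times] of this.hits) {
      const expired = times[times.length - 1] <= cutoff;
      if (!expired && this.hits.size <= this.maxKeys) break;
      this.hits.delete(ip);
    }
  }
}

// Constructed demo: a burst from one address, limit of 3 writes per 60 s.
function demo() {
  const limiter = new IpRateLimiter({ limit: 3, windowMs: 60000 });
  const t0 = 1000000;
  return [0, 100, 200, 300, 60001].map(
    (dt) => limiter.check("203.0.113.7", t0 + dt).allowed
  );
}
```

A rejected request should get an HTTP 429 with `retryAfterMs` converted into a `Retry-After` header, and the write to the database should be skipped.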