RafaeNoor / GDrive-Party

A Netflix Party equivalent using videos hosted on Google Drive: https://gdrive-party.web.app/
MIT License

security: rate limit the users #5

Open HaseebLUMS opened 4 years ago

HaseebLUMS commented 4 years ago

Currently, a CSRF PoC can be generated and automated to clutter your DB with random data, which can lead to various problems.

Implement some sort of rate limiting based on IP, which will make it difficult (yeah, only difficult) to do this.

RafaeNoor commented 4 years ago

Yeah, I need to improve security quite a bit. I kept the Firebase config public in case someone wants to clone and run. Thinking of using a separate config on my end so it doesn't interfere. Do you know if Firebase provides some sort of rate limiting (without needing to create authentication accounts)? I don't want to force people to log in.

sabdulm commented 4 years ago

@RafaeNoor maybe this is what you are looking for? https://stackoverflow.com/questions/24830079/firebase-rate-limiting-in-security-rules but I think this guy is having users log in...

RafaeNoor commented 4 years ago

https://stackoverflow.com/questions/24830079/firebase-rate-limiting-in-security-rules

This looks promising I'll check this out too!