0

If you have an application that you have configured as Email / password authentication it seem any user of that app can write some code to create thousands of users. The email addresses do not even have to be valid.

You can write rules to prevent data from being written or read but I don't see a way to prevent users from creating more users. What am I missing here?

VladimirSD
  • 401
  • 3
  • 11
  • Yes I think you're right it's a duplicate. I wish I could comment on Kato's answer but i don't have enough reputation points. I don't understand how letting a malicious user create thousands or millions of bogus uses is not an issue. They will show up on the registered users page in the app Dashboard. Or someone using real email addresses and then sending out password reset emails on behalf of your app just for fun. – VladimirSD Nov 17 '15 at 18:24
  • *Disclosure: I work on Firebase.* We monitor for such abusive scenarios. – Frank van Puffelen Nov 17 '15 at 20:12

0 Answers0