What can be done to prevent a DoS attack for a Supabase hosted app? If someone runs a script to hit the DB over and over, that is a pretty easy way to bring down the app and hike up the fee.

I don't think any fees would change, Supabase doesn't charge for API requests

true, but the question of denial of service remains. Does the fact that that the API sits behind Kong's API gateway provide any protections?

won't there be chargers for the transfer limits though, if you were on the "pay as you go" plan? like the database/object storage transfer charges? thanks

We should put some dedicated time to this problem and other similar problems. It's probably top of mind for people.

I heard they are implementing rate-limiting which may reduce DDoS impact a bit - not sure about the timeline of the feature though... https://www.reddit.com/r/Supabase/comments/p7vhbi/rate_limiting/

I've heard that as well. But the time line is murky. Hopefully this is something they can get up and running in a month or so.