clarify implications of disabling SignalR MaximumReceiveMessageSize

[cyungmann]

Description

This page says that

Increasing the value might increase the risk of Denial of service (DoS) attacks.

Under what conditions does or doesn't it increase the risk of Denial of Service (DoS) attacks? Is this risk mitigated at all by using an AuthenticationScheme on the SignalR hub requiring bearer access tokens in the HTTP headers (i.e. does this prevent unauthorized users from performing DoS attacks)? Are there other implications (security, performance, etc) of increasing the value or disabling the limit entirely?

See also my SO question about this here.

Page URL

https://learn.microsoft.com/en-us/aspnet/core/signalr/configuration?view=aspnetcore-8.0&tabs=dotnet#configure-server-options

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/signalr/configuration.md

Document ID

66d252c3-6300-7e28-9aa0-ef2ff66e7a76

Article author

@bradygaster

[cyungmann]

@wadepickett is there anyone from the SignalR team who could clarify the docs, comment on this issue, and/or respond to my SO question? Thanks in advance!