====== 2.4 Security ======

Security-related settings.

===== Detailed Errors =====

  "Gateway": {
    "DetailedErrors": false  // Production: false!
  }

With ''true'', full stack traces are returned.

===== Ad-Hoc Queries =====

  "Gateway": {
    "AllowAdHocQueries": false  // Disable for more security
  }

Setting this to ''false'' prevents direct SQL execution via ''/query''.

===== Recommendations =====

  * Use HTTPS in production
  * Enable ad-hoc queries only when needed
  * Disable DetailedErrors in production
  * Use a database user with minimal privileges
  * Firewall: only open required ports

===== Network Security =====

  * Reverse proxy (nginx, IIS ARR) recommended
  * Configure rate limiting at the proxy
  * IP whitelisting if possible
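
A pre-deployment check for the two ''Gateway'' settings described above, as an added example that is not part of the product or its documentation. It assumes the configuration is JSON with ''%%//%%'' line comments, as in the snippets on this page, and treats a missing key as a finding because the page does not state the defaults; the function names and the ''ExampleUrl'' key are hypothetical.

```python
import json

# Settings the page says to turn off in production (key -> effect when true).
REQUIRED_FALSE = {
    "DetailedErrors": "full stack traces are returned",
    "AllowAdHocQueries": "direct SQL execution via /query is allowed",
}

def strip_line_comments(text):
    """Remove // comments while leaving // inside JSON strings (e.g. URLs) intact."""
    out, in_string, escaped, i = [], False, False, 0
    while i < len(text):
        ch = text[i]
        if not in_string and text.startswith("//", i):
            while i < len(text) and text[i] != "\n":  # skip to end of line
                i += 1
            continue
        out.append(ch)
        if in_string and not escaped and ch == "\\":
            escaped = True  # next character is escaped, e.g. \"
        else:
            if ch == '"' and not escaped:
                in_string = not in_string
            escaped = False
        i += 1
    return "".join(out)

def audit_gateway_config(text):
    """Return a list of findings; an empty list means both settings are false."""
    gateway = json.loads(strip_line_comments(text)).get("Gateway", {})
    findings = []
    for key, effect in REQUIRED_FALSE.items():
        value = gateway.get(key)
        if value is not False:  # only an explicit JSON false passes
            state = "not set" if value is None else f"set to {value!r}"
            findings.append(f"Gateway.{key} must be false but is {state}; when true, {effect}")
    return findings

# Constructed sample input, not a real deployment file.
SAMPLE = '''{
  "Gateway": {
    "ExampleUrl": "https://gw.example.invalid",  // hypothetical key
    "DetailedErrors": true,
    "AllowAdHocQueries": false  // Disable for more security
  }
}'''

if __name__ == "__main__":
    for finding in audit_gateway_config(SAMPLE):
        print("FAIL:", finding)
```

Run against the production configuration in a deployment pipeline, a non-empty result is a reason to stop the release.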