2.4 Security

Security-related settings.

"Gateway": {
  "DetailedErrors": false  // Production: false!
}

With true, full stack traces are returned.

"Gateway": {
  "AllowAdHocQueries": false  // Disable for more security
}

Prevents direct SQL execution via /query.

• Use HTTPS in production
• Ad-hoc queries only when needed
• Disable DetailedErrors in production
• Database user with minimal privileges
• Firewall: Only open required ports

• Reverse proxy (nginx, IIS ARR) recommended
• Configure rate limiting at proxy
• IP whitelisting if possible