SignalR Security

DiunaBI.API/Program.cs

@@ -37,7 +37,12 @@ builder.Services.AddSingleton<EntityChangeInterceptor>();
 builder.Services.AddDbContext<AppDbContext>((serviceProvider, options) =>
 {
     options.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly("DiunaBI.Infrastructure"));
-    options.EnableSensitiveDataLogging();
+
+    // Only log SQL parameters in development (may contain sensitive data)
+    if (builder.Environment.IsDevelopment())
+    {
+        options.EnableSensitiveDataLogging();
+    }
 
     // Add EntityChangeInterceptor
     var interceptor = serviceProvider.GetRequiredService<EntityChangeInterceptor>();
@@ -254,8 +259,8 @@ app.Use(async (context, next) =>
 
 app.MapControllers();
 
-// SignalR Hub
-app.MapHub<EntityChangeHub>("/hubs/entitychanges");
+// SignalR Hub - Requires JWT authentication
+app.MapHub<EntityChangeHub>("/hubs/entitychanges").RequireAuthorization();
 
 app.MapGet("/health", () => Results.Ok(new { status = "OK", timestamp = DateTime.UtcNow }))
     .AllowAnonymous();