Heimdall's proxy is designed to operate in as lightweight a mode as possible. As such, there are a few requirements to meet: Disable SSL/TLS from the application to the proxy. When installed on the server as the application, this allows queries to be received and processed without the overhead of the encryption, which isn't necessary when not going over the wire. Instead, set the TLS/SSL requirement in the Heimdall data source to enforce security over the wire; Specify the proper bind mode for the proxy to provide the maximum amount of security possible. If set to "localhost only" then only local processes can connect to the proxy, insuring that the database isn't exposed via the proxy on the server to outside users; * Insure that if not using localhost, then the user credentials are provided in the configuration, and authentication is enabled.