diff --git a/server/core/DbCreator.js b/server/core/DbCreator.js
index 58cf44a..8323721 100644
--- a/server/core/DbCreator.js
+++ b/server/core/DbCreator.js
@@ -76,8 +76,12 @@ class DbCreator {
 if (inpxFilter) {
 let recFilter = () => true;
- if (inpxFilter.filter)
- recFilter = new Function(`'use strict'; return ${inpxFilter.filter}`)();
+ if (inpxFilter.filter) {
+ if (config.allowUnsafeFilter)
+ recFilter = new Function(`'use strict'; return ${inpxFilter.filter}`)();
+ else
+ throw new Error(`Unsafe property 'filter' detected in ${this.config.inpxFilterFile}. Please specify '--unsafe-filter' param if you know what you're doing.`);
+ }
 filter = (rec) => {
 let author = rec.author;
diff --git a/server/index.js b/server/index.js
index c3023c9..53d1ba1 100644
--- a/server/index.js
+++ b/server/index.js
@@ -104,6 +104,7 @@ async function init() {
 config.recreateDb = argv.recreate || false;
 config.inpxFilterFile = `${config.execDir}/inpx-web-filter.json`;
+ config.allowUnsafeFilter = argv['unsafe-filter'] || false;
 //app
 const appDir = `${config.publicDir}/app`;
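Review bot: In the `config.allowUnsafeFilter` branch the `filter` string from the filter file is still compiled with `new Function` and runs with the full privileges of the server process; `'use strict'` is not a sandbox, so once the flag is set, write access to that file amounts to code execution in the server. I would state that above the branch, e.g. `// SECURITY: evaluates inpxFilter.filter as code; enable only when the filter file is writable by trusted admins only`, and after evaluation reject anything that is not callable with `if (typeof recFilter !== 'function') throw new Error('filter must evaluate to a function');`. The new lines also read `config.allowUnsafeFilter` but `this.config.inpxFilterFile`; the enclosing method starts outside the hunk, so confirm a local `config` is in scope there, or use `this.config` in both places.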
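Review bot: `argv['unsafe-filter'] || false` in `init()` enables the unsafe path for any truthy value, and depending on how `argv` is parsed (not visible here) `--unsafe-filter=false` may arrive as the non-empty string `'false'` and still switch it on. For a switch that gates code evaluation I would accept only an explicit boolean, `config.allowUnsafeFilter = argv['unsafe-filter'] === true;`, and log a startup warning when it is enabled so operators can see the state. `init()` continues outside the hunk.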