diff --git a/src/main/java/de/thm/arsnova/controller/AbstractControllerExceptionHandler.java b/src/main/java/de/thm/arsnova/controller/AbstractControllerExceptionHandler.java
index c0baf0fa239c8a77d91bbd3a8b6f95c2a3775d71..a393dc2483fac635661f05abb036c610b4fd1edf 100644
--- a/src/main/java/de/thm/arsnova/controller/AbstractControllerExceptionHandler.java
+++ b/src/main/java/de/thm/arsnova/controller/AbstractControllerExceptionHandler.java
@@ -1,13 +1,20 @@
 package de.thm.arsnova.controller;
 
+import org.springframework.beans.factory.annotation.Value;
+
 import java.util.HashMap;
 import java.util.Map;
 
 public class AbstractControllerExceptionHandler {
+	/* Since exception messages might contain sensitive data, they are not exposed by default. */
+	@Value("${api.expose-error-messages:false}") private boolean exposeMessages;
+
 	protected Map<String, Object> handleException(Throwable e) {
 		final Map<String, Object> result = new HashMap<>();
 		result.put("errorType", e.getClass().getSimpleName());
-		result.put("errorMessage", e.getMessage());
+		if (exposeMessages) {
+			result.put("errorMessage", e.getMessage());
+		}
 
 		return result;
 	}
diff --git a/src/site/markdown/development.md b/src/site/markdown/development.md
index 8aee947e0c48f297330c3330e11a448720fd7bff..e7bf9aaf527bff5691327a3746897d9b3ca4f325 100644
--- a/src/site/markdown/development.md
+++ b/src/site/markdown/development.md
@@ -37,6 +37,9 @@ Run the following command to download the dependencies and startup the backend w
 
 After a few seconds the ARSnova API will be accessible at <http://localhost:8080/>.
 
+You can adjust the amount of debug logging by changing the log levels in [log4j-dev.properties](src/main/resources/log4j-dev.properties).
+Additionally, you can enable exception messages in API responses by setting the boolean property `api.expose-error-messages` in `arsnova.properties`.
+
 
 ## Continuous Integration