diff --git a/CHANGELOG.md b/CHANGELOG.md
index 12f44bb824ef0bc300cf78d638f5b59bfd90ed1e..2974b08dab6512faab2ca7cc37a0b6ac8b0f309c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+* #130 - Error during `FIND ENTITY` when
+  `QUERY_FILTER_ENTITIES_WITHOUT_RETRIEVE_PERMISSIONS=False`.
 * #125 - `bend_symlinks` script did not allow whitespace in filename.
 * #122 - Dead-lock due to error in the DatabaseAccessManager.
 * #120 - Editing entities that were created with a no longer existing user
@@ -59,6 +61,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+* Server can be started without TLS even when not in debug mode.
 * Select queries would originally only select the returned properties by their
   names and would not check if a property is a subtype of a selected property. This
   has changed now and select queries will also return subtypes of selected
diff --git a/Makefile b/Makefile
index d73f140f065ca0b3db62651e40162194f4ffb4eb..1543286b67c6c7be20772a3b6932b9e0dcec27d5 100644
--- a/Makefile
+++ b/Makefile
@@ -24,6 +24,7 @@
 #
 
 CAOSDB_SERVER_VERSION ?= $(shell mvn org.apache.maven.plugins:maven-help-plugin:3.1.0:evaluate -Dexpression=project.version -q -DforceStdout)
+CAOSDB_COMMAND_LINE_OPTIONS ?=
 SHELL:=/bin/bash
 JPDA_PORT ?= 9000
 JMX_PORT ?= 9090
@@ -41,13 +42,14 @@ run: compile
 	mvn exec:java@run
 
 run-debug: jar
-	java -Xrunjdwp:transport=dt_socket,address=0.0.0.0:$(JPDA_PORT),server=y,suspend=n -Dcaosdb.debug=true -jar target/caosdb-server.jar
+	java -Xrunjdwp:transport=dt_socket,address=0.0.0.0:$(JPDA_PORT),server=y,suspend=n -Dcaosdb.debug=true -jar target/caosdb-server.jar $(CAOSDB_COMMAND_LINE_OPTIONS)
+
 
 run-debug-single:
-	java -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=$(JMX_PORT) -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Xrunjdwp:transport=dt_socket,address=0.0.0.0:$(JPDA_PORT),server=y,suspend=n -Dcaosdb.debug=true -jar target/caosdb-server.jar
+	java -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=$(JMX_PORT) -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Xrunjdwp:transport=dt_socket,address=0.0.0.0:$(JPDA_PORT),server=y,suspend=n -Dcaosdb.debug=true -jar target/caosdb-server.jar $(CAOSDB_COMMAND_LINE_OPTIONS)
 
 run-single:
-	java -jar target/caosdb-server.jar
+	java -jar target/caosdb-server.jar $(CAOSDB_COMMAND_LINE_OPTIONS)
 
 formatting:
 	mvn fmt:format
@@ -64,7 +66,7 @@ antlr:
 	mvn antlr4:antlr4
 
 test: print-version easy-units
-	MAVEN_DEBUG_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Dcaosdb.debug=true -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=0.0.0.0:9000"
+	MAVEN_DEBUG_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Dcaosdb.debug=true -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=0.0.0.0:$(JPDA_PORT)"
 	mvn test -X
 
 test_misc:
diff --git a/src/main/java/org/caosdb/server/CaosDBServer.java b/src/main/java/org/caosdb/server/CaosDBServer.java
index 4a69f24d4d905f5d8fea360c291dfc1522b414fc..74e70fc61feeb6ace0f1919610bee0cb868439cf 100644
--- a/src/main/java/org/caosdb/server/CaosDBServer.java
+++ b/src/main/java/org/caosdb/server/CaosDBServer.java
@@ -117,7 +117,7 @@ public class CaosDBServer extends Application {
   private static ArrayList<Runnable> postShutdownHooks = new ArrayList<Runnable>();
   private static ArrayList<Runnable> preShutdownHooks = new ArrayList<Runnable>();
   private static boolean START_BACKEND = true;
-  private static boolean INSECURE = false;
+  private static boolean NO_TLS = false;
   public static final String REQUEST_TIME_LOGGER = "REQUEST_TIME_LOGGER";
   public static final String REQUEST_ERRORS_LOGGER = "REQUEST_ERRORS_LOGGER";
   private static Scheduler SCHEDULER;
@@ -160,24 +160,23 @@ public class CaosDBServer extends Application {
    * Parse the command line arguments.
    *
    * <ul>
-   *   <li>"nobackend": flag to run caosdb without any backend (for testing purposes)
-   *   <li>"insecure": flag to start only a http server (no https server)
+   *   <li>"--no-backend": flag to run caosdb without any backend (for testing purposes)
+   *   <li>"--no-tls": flag to start only a http server (no https server)
    * </ul>
    *
-   * <p>Both flags are only available in the debug mode which is controlled by the `caosdb.debug`
-   * JVM Property.
+   * <p>The --no-backend flag is only available in the debug mode which is controlled by the
+   * `caosdb.debug` JVM Property.
    *
    * @param args
    */
   private static void parseArguments(final String[] args) {
     for (final String s : args) {
-      if (s.equals("nobackend")) {
+      if (s.equals("--no-backend")) {
         START_BACKEND = false;
-      } else if (s.equals("insecure")) {
-        INSECURE = true;
+      } else if (s.equals("--no-tls")) {
+        NO_TLS = true;
       }
     }
-    INSECURE = INSECURE && isDebugMode(); // only allow insecure in debug mode
     START_BACKEND = START_BACKEND || !isDebugMode(); // always start backend if not in debug mode
   }
 
@@ -347,7 +346,7 @@ public class CaosDBServer extends Application {
     final int maxTotalConnections =
         Integer.parseInt(getServerProperty(ServerProperties.KEY_MAX_CONNECTIONS));
 
-    if (INSECURE) {
+    if (NO_TLS) {
       runHTTPServer(port_http, initialConnections, maxTotalConnections);
     } else {
       runHTTPSServer(
diff --git a/src/main/java/org/caosdb/server/query/Query.java b/src/main/java/org/caosdb/server/query/Query.java
index cd323bd972b21a261c84bfa6c16c08ea54558fd0..058fc619e021b96e1ac3d83750d7ed84c5acc2c0 100644
--- a/src/main/java/org/caosdb/server/query/Query.java
+++ b/src/main/java/org/caosdb/server/query/Query.java
@@ -206,7 +206,7 @@ public class Query implements QueryInterface, ToElementable, TransactionInterfac
     }
   }
 
-  private static boolean filterEntitiesWithoutRetrievePermisions =
+  private boolean filterEntitiesWithoutRetrievePermisions =
       !CaosDBServer.getServerProperty(
               ServerProperties.KEY_QUERY_FILTER_ENTITIES_WITHOUT_RETRIEVE_PERMISSIONS)
           .equalsIgnoreCase("FALSE");
@@ -663,13 +663,15 @@ public class Query implements QueryInterface, ToElementable, TransactionInterfac
     if (this.container != null && this.type == Type.FIND) {
       for (final IdVersionPair p : this.resultSet) {
 
-        final Entity e = new RetrieveEntity(p.id, p.version);
+        if (p.id > 99) {
+          final Entity e = new RetrieveEntity(p.id, p.version);
 
-        // if query has select-clause:
-        if (this.selections != null && !this.selections.isEmpty()) {
-          e.addSelections(this.selections);
+          // if query has select-clause:
+          if (this.selections != null && !this.selections.isEmpty()) {
+            e.addSelections(this.selections);
+          }
+          this.container.add(e);
         }
-        this.container.add(e);
       }
     }
     return this;