Run VESencrypt on our server
Run VESencrypt on your server
Beware: If the VESencrypt profile has already been set up, or if the proxy username is supplied without the original server hostname, the proxy connection will stall until approved in the Profile Manager. Otherwise, a grace pass-through connection without encryption will be immediately established to the database server.
Replace the database server settings in your applicaiton as following:
The password does not change.
If your software has problems with long usernames or special characters in a username, the proxy username can be reduced to firstname.lastname@example.org, other values will need to be supplied manually in the VESencrypt Profile.
You may use the mysql console with the new proxy settings:
mysql -h try.vesencrypt.com172.17.0.2 -P 3306 -u 'email@example.com!acmeuser1!mysql.acme.com:13306' -pacmesecret1
Proxy Connection Troubleshooting
Some MySQL clients and libraries, notably RazorSQL, misbehave in response to a hint from the VESencrypt Proxy to use cleartext authentication, and reject the session with vatious error messages. In such case, connect to application server or MySQL client to port 33306 instead of 3306, both for VESencrypt trial server and for a Docker deployed container.
Once the DB settings are applied, the application will connect to the VESencrypt proxy instance.
As long as VESencrypt profile identified as
Use the top right menu to log in / sign up with the real email address you are using instead of firstname.lastname@example.org to receive the alerts from the proxy.
You (email@example.com) will receive an incoming connection notification, and see an alert at the top of this page.
Follow the alert to the Profile Manager page to set up your VESencrypt profile.
Once the Profile is created, any further connections from new source IPs will be stalled until you approve or reject them in the Profile Manager.
Before approving any connection to the existing profile, make sure the connection is legitimate. Beware of potential hack attemtps to get hold of your encryption keys.
When changing the database host, username and/or password, it is necessary to update the VESencrypt Profile accordingly through the Profile Manager. The server settings pointing to the proxy do not need to be updated, by any request from a new IP will be automatically rejected be the Profile Manager if the requested password does not match the current password in the Profile.
In case of accidentally approving a non-legitimate proxy request, or if an unauthorized access to any server running a VESencrypt proxy is suspected, immediately change your database password, and follow the emergency management instructions to change the encryption key and re-encrypt the data.