Network Tunneling

Usually when a client needs to connect to server it is assumed that direct connection can be established. Nowadays though, due to security reasons or network topology, it is often necessary to use a proxy or bypass a firewall. This article describes different ways to connect to MySQL server with MyDAC.

Direct connection
Connection through HTTP tunnel
- Connection Through proxy and HTTP tunnel
Sample Delphi App That Connects to MySQL Using HTTP/HTTPS Tunneling
Additional Information

Direct Connection

Direct connection to server means that server host is accessible from client without extra routing and forwarding. This is the simplest case. The only network setting you need is the host name and port number. This is also the fastest and most reliable way of communicating with server. Use it whenever possible.

The following code illustrates the simplicity:

MyConnection := TMyConnection.Create(self);
MyConnection.Server := 'localhost';
MyConnection.Port := 3306;
MyConnection.Username := 'root';
MyConnection.Password := 'root';
MyConnection.Connect;

Connection Through HTTP Tunnel

Sometimes client machines are shielded by a firewall that does not allow you to connect to server directly at the specified port. If the firewall allows HTTP connections, you can use MyDAC together with HTTP tunneling software to connect to MySQL server. MyDAC supports HTTP tunneling based on the PHP script.

An example of the web script tunneling usage can be the following: you have a remote website, and access to its database through the port of the database server is forbidden. Only access through HTTP port 80 is allowed, and you need to access the database from a remote computer, like when using usual direct connection.

You need to deploy the tunnel.php script, which is included into the provider package on the web server. It allows access to the database server to use HTTP tunneling. The script must be available through the HTTP protocol. You can verify if it is accessible with a web browser. The script can be found in the HTTP subfolder of the installed provider folder, e. g. %Program Files%\Devart\MyDac for Delphi X\HTTP\tunnel.php. The only requirement to the server is PHP 5 support.

To connect to the database, you should set TMyConnection parameters for usual direct connection, which will be established from the web server side, the Options.Protocol property to mpHttp, and set the following parameters, specific for the HTTP tunneling:

Property	Mandatory	Meaning
HttpOptions.Url	Yes	URL of the tunneling PHP script. For example, if the script is in the server root, the URL can be the following: http://localhost/tunnel.php.
HttpOptions.Username, HttpOptions.Password	No	Set these properties if the access to the website folder with the script is available only for registered users authenticated with user name and password.

Connection Through Proxy and HTTP Tunnel

HTTP tunneling server is not directly accessible from client machine. For example, client address is 10.0.0.2, server address is 192.168.0.10, and the MySQL server listens on port 3307. The client and server reside in different networks, so the client can reach it only through proxy at address 10.0.0.1, which listens on port 808. In this case in addition to the TMyConnection.HttpOptions options you have to setup a HttpOptions.ProxyOptions object as follows:

MyConnection := TMyConnection.Create(self);
MyConnection.Server := '192.168.0.10';
MyConnection.Port := 3307;
MyConnection.Username := 'root';
MyConnection.Password := 'root';
MyConnection.Options.Protocol := mpHttp;
MyConnection.HttpOptions.Url := 'http://server/tunnel.php';
MyConnection.HttpOptions.ProxyOptions.Hostname := '10.0.0.1';
MyConnection.HttpOptions.ProxyOptions.Port := 808;
MyConnection.HttpOptions.ProxyOptions.Username := 'ProxyUser';
MyConnection.HttpOptions.ProxyOptions.Password := 'ProxyPassword';
MyConnection.Connect;

Note that setting parameters of MyConnection.HttpOptions.ProxyOptions automatically enables proxy server usage.

Sample Delphi App That Connects to MySQL Using HTTP/HTTPS Tunneling

Open your browser and visit the URL of the tunnel.php script on your server to verify that the script has been properly installed.

HTTP Tunnel

Run RAD Studio and select 'File -> New – > VCL Forms Application – Delphi'.
Place the following components on the form: TMyConnection, TMyQuery, TDataSource, TDBGrid, TButton, and TCRSSLIOHandler. The last component is required when you connect through HTTPS. Note that the TCRSSLIOHandler is distributed with SecureBridge and is required to bind MyDAC with SecureBridge. The installation instructions for the component are provided in the Readme.html, which is located by default in "My Documents\Devart\MyDAC for RAD Studio\Demos\TechnologySpecific\SecureBridge\DelphiXX".

Delphi Connection through HTTP tunnel

Select TDBGrid and set the DataSource property to DataSource1.

Delphi TDBGrid

In the TDataSource component, assign TMyQuery1 to the DataSet property.

Delphi TDataSource

Select TMyQuery and set the Connection property to MyConnection1. Double-click the component and enter an SQL statement to be executed against the MySQL database.

Delphi TMyQuery

Double-click TButton to switch to the unit view. Add code that invokes the Open method on the MyQuery1 object to activate the dataset when the button is clicked.

Delphi TButton

Select the TMyConnection component. If you use the secure tunnel, set the IOHandler property to CRSSLIOHandler1. Expand HttpOptions and enter the URL of the tunnel.php script on your server.
In TMyConnection, expand Options and set the Protocol property to mpHttp.

HTTP Protocol MyDAC

Double-click the TMyConnection component. Specify your server address, port, database name (optionally), username and password for the MySQL user. Click Connect to test connection to the MySQL server.

Delphi TMyConnection

Press F9 to compile and run the project, and click the button to run the query against the database through HTTPS and display the data in the form.

Delphi Run Query via HTTPS

Additional Information

There is one more way to tunnel network traffic. The Secure Shell forwarding, or SSH, can be used for forwarding data. However, main purpose of SSH is traffic encryption rather than avoiding firewalls or network configuration problems. The Connecting via SSH article describes how to use SSH protocol in MyDAC.

Keep in mind that traffic tunneling or encryption always increase CPU usage and network load. It is recommended that you use direct connection whenever possible.

Request Support

DAC Forum

Provide Feedback