|
Network Tunneling |
|
|
|
Network Tunneling |
|
This section discusses how to connect a client application to Oracle Database in two ways: directly and through an HTTP tunnel. If you need to connect to Oracle Database in conditions of restricted connectivity, e.g. when a database server is hidden behind a firewall, or you need to transmit private network data through a public network, you can set up an HTTP tunnel to create a direct network link between two locations. The tunnel is created by an intermediary called a proxy server.
Direct connection implies that a client connects to a server through a directly connected network, without IP routing: you only need to specify the server address, port number, service name, and user credentials. This is also the fastest and preferred way to communicate with an Oracle server.
Code sample for a direct connection:
var
OraSession: TOraSession;
...
OraSession := TOraSession.Create(self);
OraSession.Options.Direct := True;
OraSession.Server := '205.227.44.44:1521/ORCL1020';
OraSession.Username := 'Scott';
OraSession.Password := 'Tiger';
OraSession.Connect;When an Oracle server is hidden behind a firewall, the client is not able to connect to the server directly on a specified port. If your firewall allows HTTP connections, you can use ODAC with a properly configured web server to connect to the database server. ODAC supports HTTP tunneling based on the PHP script.
A possible scenario of using HTTP tunneling: the client needs to access the database of a website from a remote machine, but access to the designated port of the database server is forbidden - only connections on the HTTP port 80 are allowed. To establish a connection in this scenario, you must deploy the tunnel.php script, which is distributed with the provider package, on the web server. It enables access to the database server through an HTTP tunnel. The script must be accessible through HTTP. You can verify script accessibility using any web browser. The script file is located in the HTTP folder of the installed provider: "%Program Files%\Devart\ODAC for RAD Studio XX\HTTP\tunnel.php". The only requirement to the server is support for PHP 5.
To connect to the database, you must set the TOraSession parameters as you do for a direct connection, then set the HttpOptions.Enabled property to True, and set the following parameters, specific to the HTTP tunneling:
| Property | Mandatory | Meaning |
|---|---|---|
| HttpOptions.Url | Yes | The URL of the PHP script for HTTP tunneling. For example, if the script is is located in the root directory, the URL may look like this: https://host/tunnel.php. |
| HttpOptions.Username, HttpOptions.Password | No | The username and password for the password-protected directory that contains the HTTP tunneling script. |
The HTTP tunneling server may be not be directly accessible from the client machine, for example, the client address is 10.0.0.2 and the server address is 205.227.44.44:1521/ORCL1020. The client and server reside in different networks, so the client can only reach it through the proxy server at 10.0.0.1, which listens on port 808. In this case, in addition to TOraSession.HttpOptions, you have to set values for HttpOptions.ProxyOptions, for example:
var
OraSession: TOraSession;
...
OraSession := TOraSession.Create(self);
OraSession.Options.Direct := True;
OraSession.Server := '205.227.44.44:1521/ORCL1020';
OraSession.Username := 'Scott';
OraSession.Password := 'Tiger';
OraSession.HttpOptions.Enabled := True;
OraSession.HttpOptions.Url := 'https://dac-tunnel.devart.com/tunnel1.php';
OraSession.HttpOptions.ProxyOptions.Hostname := '10.0.0.1';
OraSession.HttpOptions.ProxyOptions.Port := 808;
OraSession.HttpOptions.ProxyOptions.Username := 'ProxyUser';
OraSession.HttpOptions.ProxyOptions.Password := 'ProxyPassword';
OraSession.Connect;Note that setting the parameters for OraSession.HttpOptions.ProxyOptions automatically enables the use of the proxy server.
tunnel.php script on your server to verify that the script has been properly installed.
TOraSession, TOraQuery, TDataSource, TDBGrid, TButton, and TCRSSLIOHandler. The last component is required when connecting through HTTPS. TCRSSLIOHandler is distributed with SecureBridge and is required for binding ODAC with SecureBridge. The installation instructions for the component are provided in Readme.html, which is located by default in "My Documents\Devart\ODAC for RAD Studio XX\Demos\TechnologySpecific\SecureBridge\DelphiXX."
TDBGrid and set the DataSource property to an instance of TDataSource.TDataSource component and set the DataSet property to an instance of TOraQuery.TOraQuery and set the Session property to an instance of TOraSession. Double-click the component and enter an SQL statement to be executed against Oracle Database.TButton to switch to the code view. Add the code to call the Open method of TOraQuery when the button is clicked.
TOraSession component. If you use an HTTPS tunnel, set the IOHandler property to CRSSLIOHandler1. Expand the HttpOptions and enter the URL of the tunnel.php script on your server.
TOraSession component. Specify your server address, port, service name, username and password for the Oracle user. Click Connect to test connection to the Oracle server.
F9 to compile and run the project, and click the button to run the query against the database through HTTPS and display the data in the form.
There is one more way to tunnel network traffic. The Secure Shell forwarding, or SSH, can be used for data forwarding. HHowever, SSH is designed to encrypt traffic rather than traverse firewalls. The Connecting via SSH document describes how to set up an SSH connection in ODAC.
Keep in mind that traffic tunneling or encryption always increases the CPU usage and bandwidth utilization. It is recommended that you use direct connection whenever possible.