ODAC

Network Tunneling

Connecting to Oracle Database Through HTTP Tunnel

This section discusses how to connect a client application to Oracle Database in two ways: directly and through an HTTP tunnel. If you need to connect to Oracle Database in conditions of restricted connectivity, e.g. when a database server is hidden behind a firewall, or you need to transmit private network data through a public network, you can set up an HTTP tunnel to create a direct network link between two locations. The tunnel is created by an intermediary called a proxy server.

Direct Connection

Direct connection implies that a client connects to a server through a directly connected network, without IP routing: you only need to specify the server address, port number, service name, and user credentials. This is also the fastest and preferred way to communicate with an Oracle server.

Code sample for a direct connection:


var
  OraSession: TOraSession;
...
OraSession := TOraSession.Create(self);
OraSession.Options.Direct := True;
OraSession.Server := '205.227.44.44:1521/ORCL1020';
OraSession.Username := 'Scott';
OraSession.Password := 'Tiger';
OraSession.Connect;

Connecting Through HTTP Tunnel

When an Oracle server is hidden behind a firewall, the client is not able to connect to the server directly on a specified port. If your firewall allows HTTP connections, you can use ODAC with a properly configured web server to connect to the database server. ODAC supports HTTP tunneling based on a PHP script.

A possible scenario of using HTTP tunneling: the client needs to access the database of a website from a remote machine, but access to the designated port of the database server is forbidden, and only connections on the HTTP port 80 are allowed. To establish a connection in this scenario, you must deploy the tunnel.php script, which is distributed with the provider package, on the web server. It enables access to the database server through an HTTP tunnel. The script must be accessible through HTTP. You can verify script accessibility using any web browser. The script file is located in the HTTP folder of the installed provider: "%Program Files%\Devart\ODAC for RAD Studio XX\HTTP\tunnel.php". The only requirement for the server is support for PHP 5.

To connect to the database, you must set the TOraSession parameters as you do for a direct connection, then set the HttpOptions.Enabled property to True, and set the following parameters, specific to the HTTP tunneling:


Property | Mandatory | Meaning
--- | --- | ---
HttpOptions.Url | Yes | The URL of the PHP script for HTTP tunneling. For example, if the script is located in the root directory, the URL may look like this: https://host/tunnel.php.
HttpOptions.Username, HttpOptions.Password | No | The username and password for the password-protected directory that contains the HTTP tunneling script.
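
An added example (not from the ODAC documentation or Devart's code) of the plain tunnel case without a proxy: it sets the properties from the table above, rejects tunnel URLs that are not HTTPS, and reads credentials from the environment instead of hardcoding them. The unit names Ora and CRSSLIOHandler, the helper ConfigureTunnel, the unit name TunnelConfig, and the environment variable names are assumptions.

```delphi
unit TunnelConfig;  // hypothetical unit name (added example)

interface

uses
  System.SysUtils, System.StrUtils,
  Ora, CRSSLIOHandler;  // assumed unit names for TOraSession / TCRSSLIOHandler

procedure ConfigureTunnel(Session: TOraSession; SSL: TCRSSLIOHandler;
  const TunnelUrl: string);

implementation

procedure ConfigureTunnel(Session: TOraSession; SSL: TCRSSLIOHandler;
  const TunnelUrl: string);
var
  DirUser: string;
begin
  // The directory credentials and the relayed database traffic travel in
  // the HTTP requests, so accept only an https:// tunnel URL.
  if not StartsText('https://', TunnelUrl) then
    raise EArgumentException.Create('Tunnel URL must use https://');
  if SSL = nil then
    raise EArgumentException.Create('HTTPS tunnel requires a TCRSSLIOHandler');

  // Same parameters as for a direct connection.
  // Environment variable names below are hypothetical.
  Session.Options.Direct := True;
  Session.Server := GetEnvironmentVariable('ORA_SERVER');  // host:port/service
  Session.Username := GetEnvironmentVariable('ORA_USER');
  Session.Password := GetEnvironmentVariable('ORA_PASSWORD');

  // Tunnel-specific parameters.
  Session.IOHandler := SSL;  // binds ODAC to SecureBridge for HTTPS
  Session.HttpOptions.Enabled := True;
  Session.HttpOptions.Url := TunnelUrl;

  // Optional: credentials for the password-protected directory that
  // contains tunnel.php.
  DirUser := GetEnvironmentVariable('TUNNEL_DIR_USER');
  if DirUser <> '' then
  begin
    Session.HttpOptions.Username := DirUser;
    Session.HttpOptions.Password := GetEnvironmentVariable('TUNNEL_DIR_PASSWORD');
  end;

  Session.Connect;
end;

end.
```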

Connecting Through Proxy and HTTP Tunnel

The HTTP tunneling server may not be directly accessible from the client machine. For example, the client address is 10.0.0.2 and the server address is 205.227.44.44:1521/ORCL1020. The client and server reside in different networks, so the client can only reach the server through the proxy server at 10.0.0.1, which listens on port 808. In this case, in addition to TOraSession.HttpOptions, you have to set values for HttpOptions.ProxyOptions, for example:


var
  OraSession: TOraSession;
...
OraSession := TOraSession.Create(self);
OraSession.Options.Direct := True;
OraSession.Server := '205.227.44.44:1521/ORCL1020';
OraSession.Username := 'Scott';
OraSession.Password := 'Tiger';
OraSession.HttpOptions.Enabled := True;
OraSession.HttpOptions.Url := 'https://dac-tunnel.devart.com/tunnel1.php';
OraSession.HttpOptions.ProxyOptions.Hostname := '10.0.0.1';
OraSession.HttpOptions.ProxyOptions.Port := 808;
OraSession.HttpOptions.ProxyOptions.Username := 'ProxyUser';
OraSession.HttpOptions.ProxyOptions.Password := 'ProxyPassword';
OraSession.Connect;

Note that setting the parameters for OraSession.HttpOptions.ProxyOptions automatically enables the use of the proxy server.

Sample Application That Uses HTTP/HTTPS Tunneling

  1. Open your browser and visit the URL of the tunnel.php script on your server to verify that the script has been properly installed.
  2. Run RAD Studio and create a new VCL application.
  3. Place the following components on the form: TOraSession, TOraQuery, TDataSource, TDBGrid, TButton, and TCRSSLIOHandler. The last component is required when connecting through HTTPS. TCRSSLIOHandler is distributed with SecureBridge and is required for binding ODAC with SecureBridge. The installation instructions for the component are provided in Readme.html, which is located by default in "My Documents\Devart\ODAC for RAD Studio XX\Demos\TechnologySpecific\SecureBridge\DelphiXX."
  4. Select TDBGrid and set the DataSource property to an instance of TDataSource.
  5. Select the TDataSource component and set the DataSet property to an instance of TOraQuery.
  6. Select TOraQuery and set the Session property to an instance of TOraSession. Double-click the component and enter an SQL statement to be executed against Oracle Database.
  7. Double-click TButton to switch to the code view. Add the code to call the Open method of TOraQuery when the button is clicked.
  8. Select the TOraSession component. If you use an HTTPS tunnel, set the IOHandler property to CRSSLIOHandler1. Expand the HttpOptions and enter the URL of the tunnel.php script on your server.
  9. Double-click the TOraSession component. Specify your server address, port, service name, username and password for the Oracle user. Click Connect to test connection to the Oracle server.
  10. Press F9 to compile and run the project, and click the button to run the query against the database through HTTPS and display the data in the form.

Additional Information

There is one more way to tunnel network traffic: Secure Shell (SSH) forwarding can be used for data forwarding. However, SSH is designed to encrypt traffic rather than traverse firewalls. The Connecting via SSH document describes how to set up an SSH connection in ODAC.

Keep in mind that traffic tunneling or encryption always increases the CPU usage and bandwidth utilization. It is recommended that you use direct connection whenever possible.

© 1997-2022 Devart. All Rights Reserved.