|
Connecting via SSL |
|
|
|
Connecting via SSL |
|
This section discusses how to connect a client application to Oracle Database using SSL (Secure Sockets Layer), which is an industry standard protocol for secure access to a remote machine over untrusted networks. It runs on top of TCP/IP to secure client-server communications by allowing an SSL-enabled client to authenticate itself to an SSL-enabled server and vice versa. During server authentication, an SSL-enabled client application uses standard techniques of public-key cryptography to verify the server's identity by checking that the server's certificate is issued by a trusted certificate authority (CA) and proves the ownership of the public key.
Conversely, SSL client authentication allows the server to validate the client's identity. The client and server can also authenticate each other using self-signed certificates, however, you will almost never want to use a self-signed certificate, except for an Intranet or a development server. After establishing an SSL connection, the client and server can exchange messages that are symmetrically encrypted with the shared secret key. SSL is the recommended method to establish a secure connection to Oracle due to easier configuration and higher performance, compared to SSH.
To establish an SSL connection to the server with ODAC, you must compile and install the TCRSSLIOHandler component, which is distributed with SecureBridge and is required to bind ODAC with SecureBridge. The installation instructions for the component are provided in the Readme.html file, which is located by default in "My Documents\Devart\ODAC for RAD Studio XX\Demos\TechnologySpecific\SecureBridge".
TOraSession, TOraQuery, TOraDataSource, TDBGrid, TButton, TCRSSLIOHandler, TCRSsoFileStorage.
TOraSession component and set the IOHandler property to an instance of TCRSSLIOHandler.
TDBGrid component and set the DataSource property to an instance of TOraDataSource.
TOraDataSource component and set the DataSet property to an instance of TOraQuery.
TOraQuery component and set the Session property to an instance of TOraSession.
TOraQuery component and specify a SQL query to execute against Oracle Database.
TCRSsoFileStorage component and specify the path to the wallet file. A wallet is container for storing authentication and signing credentials, including keys and certificates needed by SSL. See this document for information on creating an Oracle wallet. If you are using Oracle Cloud, see this document for information on obtaining wallet files.
TCRSSLIOHandler component and set the Storage property to an instance of TCRSsoFileStorage.
TButton component and create an OnClick event. Add the code to call the Open method of TOraQuery when the button is clicked.
TOraSession component and specify the server's distinguished name (DN) in the ServerCertDN property of SSLOptions to enable server DN matching. It is used to check whether the server is genuine by matching the server's global database name against the DN from the server certificate. See this document for information on editing the client network configuration files.
TOraSession component and specify the server address, port, username and password.
The steps are similar to the above, except that you specify the server and client SSL certificates and the private client key instead of wallet files, thus you do not need the TCRSsoFileStorage component.
Select the TOraSession component and expand SSLOptions. Specify the server certificate in the CACert property, the client certificate in the Cert property, the private client key in the Key property and the server's distinguished name (DN) in the ServerCertDN property.
