This section discusses how to connect a client application to Oracle Database using SSL (Secure Sockets Layer), an industry-standard protocol for secure access to a remote machine over untrusted networks. It runs on top of TCP/IP to secure client-server communications by allowing an SSL-enabled client to authenticate itself to an SSL-enabled server and vice versa. During server authentication, an SSL-enabled client application uses standard techniques of public-key cryptography to verify the server's identity by checking that the server's certificate is issued by a trusted certificate authority (CA) and proves the ownership of the public key.
Conversely, SSL client authentication allows the server to validate the client's identity. The client and server can also authenticate each other using self-signed certificates. However, you will almost never want to use a self-signed certificate, except for an intranet or a development server. After establishing an SSL connection, the client and server can exchange messages that are symmetrically encrypted with the shared secret key. SSL is the recommended method to establish a secure connection to Oracle due to easier configuration and higher performance, compared to SSH.
To establish an SSL connection to the server with ODAC, you must compile and install the TCRSSLIOHandler component, which is distributed with SecureBridge and is required to bind ODAC with SecureBridge. The installation instructions for the component are provided in the Readme.html file, which is located by default in "My Documents\Devart\ODAC for RAD Studio XX\Demos\TechnologySpecific\SecureBridge".
TOraSession, TOraQuery, TOraDataSource, TDBGrid, TButton, TCRSSLIOHandler, TCRSsoFileStorage.
Select the TOraSession component and set the IOHandler property to an instance of TCRSSLIOHandler.
Select the TDBGrid component and set the DataSource property to an instance of TOraDataSource.
Select the TOraDataSource component and set the DataSet property to an instance of TOraQuery.
Select the TOraQuery component and set the Session property to an instance of TOraSession.
Select the TOraQuery component and specify a SQL query to execute against Oracle Database.
Select the TCRSsoFileStorage component and specify the path to the wallet file. A wallet is a container for storing authentication and signing credentials, including keys and certificates needed by SSL. See this document for information on creating an Oracle wallet. If you are using Oracle Cloud, see this document for information on obtaining wallet files.
Select the TCRSSLIOHandler component and set the Storage property to an instance of TCRSsoFileStorage.
Select the TButton component and create an OnClick event. Add the code to call the Open method of TOraQuery when the button is clicked.
Select the TOraSession component and specify the server's distinguished name (DN) in the ServerCertDN property of SSLOptions to enable server DN matching. It is used to check whether the server is genuine by matching the server's global database name against the DN from the server certificate. See this document for information on editing the client network configuration files.
Select the TOraSession component and specify the server address, port, username and password.
The steps are similar to the above, except that you specify the server and client SSL certificates and the private client key instead of wallet files, so you do not need the TCRSsoFileStorage component.
Select the TOraSession component and expand SSLOptions. Specify the server certificate in the CACert property, the client certificate in the Cert property, the private client key in the Key property and the server's distinguished name (DN) in the ServerCertDN property.
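The certificate-file setup above can also be applied at run time. The following unit is an added example, not code from the ODAC or SecureBridge documentation: the unit and routine names are hypothetical, the unit names Ora and CRSSLIOHandler and the use of file paths as values for CACert, Cert and Key are assumptions, and the refusal to proceed with an empty ServerCertDN is a policy chosen for this example.

```delphi
unit SslSetup; // added example; unit and routine names are hypothetical

interface

uses
  System.SysUtils,
  Ora,              // TOraSession (assumed ODAC unit name)
  CRSSLIOHandler;   // TCRSSLIOHandler (assumed unit name)

procedure ConfigureSslFromFiles(Session: TOraSession; Handler: TCRSSLIOHandler;
  const CACertFile, ClientCertFile, ClientKeyFile, ServerDN: string);

implementation

// Fail early with a clear message instead of a late handshake error.
procedure RequireFile(const Role, FileName: string);
begin
  if not FileExists(FileName) then
    raise Exception.CreateFmt('%s not found: %s', [Role, FileName]);
end;

procedure ConfigureSslFromFiles(Session: TOraSession; Handler: TCRSSLIOHandler;
  const CACertFile, ClientCertFile, ClientKeyFile, ServerDN: string);
begin
  // Policy of this example: never connect without server DN matching.
  if Trim(ServerDN) = '' then
    raise Exception.Create('ServerCertDN is empty; server DN matching is not enabled');
  RequireFile('CA certificate', CACertFile);
  RequireFile('Client certificate', ClientCertFile);
  RequireFile('Client private key', ClientKeyFile);

  Session.Connected := False;           // apply the settings before connecting
  Session.IOHandler := Handler;         // bind ODAC to SecureBridge
  Session.SSLOptions.CACert := CACertFile;      // assumed to take a file path
  Session.SSLOptions.Cert := ClientCertFile;    // assumed to take a file path
  Session.SSLOptions.Key := ClientKeyFile;      // assumed to take a file path
  Session.SSLOptions.ServerCertDN := ServerDN;  // enables server DN matching
end;

end.
```

Call ConfigureSslFromFiles from the button's OnClick handler before calling Open on the TOraQuery, passing your own certificate paths and the DN from the server certificate. Keep the private key file readable only by the account that runs the application.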