ODAC

Connecting via SSL

Connecting to Oracle Database Using SSL

This section discusses how to connect a client application to Oracle Database using SSL (Secure Sockets Layer), an industry-standard protocol for secure access to a remote machine over untrusted networks. It runs on top of TCP/IP to secure client-server communications by allowing an SSL-enabled client to authenticate itself to an SSL-enabled server and vice versa. During server authentication, an SSL-enabled client application uses standard techniques of public-key cryptography to verify the server's identity by checking that the server's certificate is issued by a trusted certificate authority (CA) and proves ownership of the public key.

Conversely, SSL client authentication allows the server to validate the client's identity. The client and server can also authenticate each other using self-signed certificates; however, you will almost never want to use a self-signed certificate, except on an intranet or a development server. After establishing an SSL connection, the client and server can exchange messages that are symmetrically encrypted with the shared secret key. SSL is the recommended method to establish a secure connection to Oracle because it is easier to configure and performs better than SSH.

To establish an SSL connection to the server with ODAC, you must compile and install the TCRSSLIOHandler component, which is distributed with SecureBridge and is required to bind ODAC with SecureBridge. The installation instructions for the component are provided in the Readme.html file, which is located by default in "My Documents\Devart\ODAC for RAD Studio XX\Demos\TechnologySpecific\SecureBridge".

Connecting to Oracle Database Using Oracle Wallet

  1. Place the following components on the form: TOraSession, TOraQuery, TOraDataSource, TDBGrid, TButton, TCRSSLIOHandler, TCRSsoFileStorage.
  2. Select the TOraSession component and set the IOHandler property to an instance of TCRSSLIOHandler.
  3. Select the TDBGrid component and set the DataSource property to an instance of TOraDataSource.
  4. Select the TOraDataSource component and set the DataSet property to an instance of TOraQuery.
  5. Select the TOraQuery component and set the Session property to an instance of TOraSession.
  6. Double-click the TOraQuery component and specify a SQL query to execute against Oracle Database.
  7. Select the TCRSsoFileStorage component and specify the path to the wallet file. A wallet is a container for storing authentication and signing credentials, including keys and certificates needed by SSL. See this document for information on creating an Oracle wallet. If you are using Oracle Cloud, see this document for information on obtaining wallet files.
  8. Select the TCRSSLIOHandler component and set the Storage property to an instance of TCRSsoFileStorage.
  9. Select the TButton component and create an OnClick event. Add the code to call the Open method of TOraQuery when the button is clicked.
  10. Select the TOraSession component and specify the server's distinguished name (DN) in the ServerCertDN property of SSLOptions to enable server DN matching. It is used to check whether the server is genuine by matching the server's global database name against the DN from the server certificate. See this document for information on editing the client network configuration files.
  11. Double-click the TOraSession component and specify the server address, port, username and password.
  12. Compile and run the application.

Connecting to Oracle Database Using SSL Certificates and Keys

The steps are similar to the above, except that you specify the server and client SSL certificates and the private client key instead of wallet files, so you do not need the TCRSsoFileStorage component.

Select the TOraSession component and expand SSLOptions. Specify the server certificate in the CACert property, the client certificate in the Cert property, the private client key in the Key property and the server's distinguished name (DN) in the ServerCertDN property.
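
The same certificate-and-key setup done in code at run time instead of in the Object Inspector, as an added example that is not part of the ODAC documentation or demos. The helper names and file paths are hypothetical; the example assumes that the SSLOptions properties take file paths, that TCRSSLIOHandler is declared in the CRSSLIOHandler unit, and that the session runs in Direct mode.

```delphi
// Added example: goes in the implementation section of a unit.
uses
  SysUtils, Ora, CRSSLIOHandler; // CRSSLIOHandler unit name is an assumption

const
  // Placeholder paths, constructed for this example
  CA_CERT_FILE     = 'C:\certs\ca-cert.pem';
  CLIENT_CERT_FILE = 'C:\certs\client-cert.pem';
  CLIENT_KEY_FILE  = 'C:\certs\client-key.pem';

// Hypothetical helper: stop before connecting if an SSL file is missing.
procedure RequireFile(const AFileName: string);
begin
  if not FileExists(AFileName) then
    raise Exception.CreateFmt('SSL file not found: %s', [AFileName]);
end;

// Hypothetical helper: returns a connected session or raises.
function OpenSslSession(const AServer, AUser, APassword,
  AServerDN: string): TOraSession;
begin
  // An empty ServerCertDN leaves server DN matching off, so refuse it here.
  if Trim(AServerDN) = '' then
    raise Exception.Create('ServerCertDN is empty: server DN matching is required');
  RequireFile(CA_CERT_FILE);
  RequireFile(CLIENT_CERT_FILE);
  RequireFile(CLIENT_KEY_FILE);

  Result := TOraSession.Create(nil);
  try
    // The session owns the handler, so both are freed together.
    Result.IOHandler := TCRSSLIOHandler.Create(Result);
    Result.Options.Direct := True;              // assumption: Direct mode
    Result.SSLOptions.CACert := CA_CERT_FILE;   // server (CA) certificate
    Result.SSLOptions.Cert := CLIENT_CERT_FILE; // client certificate
    Result.SSLOptions.Key := CLIENT_KEY_FILE;   // private client key
    Result.SSLOptions.ServerCertDN := AServerDN;
    Result.Server := AServer;
    Result.Username := AUser;
    Result.Password := APassword;
    Result.Connect; // raises if the connection cannot be established
  except
    Result.Free;
    raise;
  end;
end;
```

The caller owns the returned session and frees it when done; a TOraQuery attaches to it through its Session property as in the wallet steps.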


Connecting to Oracle Database Using the OpenSSL Library

Another way to add SSL client functionality to a Delphi application that uses ODAC components to access Oracle Database is to use the OpenSSL library, which implements the SSL protocol and enables servers to communicate securely with their clients. The following describes the SSL connection features without using SecureBridge's IOHandler:

The following options must be set for an SSL connection:

Note: The ssleay32.dll and libeay32.dll files are required to use the SSL protocol with the OpenSSL library.

© 1997-2022 Devart. All Rights Reserved.