|
Network Tunneling |
|
|
|
Network Tunneling |
|
In typical scenarios, a client connects to a server through a direct network path. However, modern security policies or complex network topologies often require the use of a proxy or traversal through a firewall. This article describes different ways to connect to a database server using UniDAC.
A direct connection to the server means that the server host is accessible from the client without any additional routing and forwarding. This is the simplest case. The only network setting you need is the host name and port number. This is also the fastest and most reliable way to communicate with the server. Use it whenever possible.
The following example demonstrates how to configure a direct connection:
UniConnection := TUniConnection.Create(self);
UniConnection.ProviderName := '<provider_name>';
UniConnection.Server := 'localhost';
UniConnection.Port := 3306;
UniConnection.Username := '<user>';
UniConnection.Password := '<password>';
UniConnection.Connect;Sometimes, client computers are shielded by a firewall that does not allow you to connect directly to the server on the specified port. If the firewall allows HTTP connections, you can use UniDAC and HTTP tunneling software to connect to the database server.
UniDAC supports HTTP tunneling based on a PHP script.
Consider a scenario where direct access to the database server port is blocked on a remote host, and only HTTP traffic on port 80 is permitted. In such cases, web script tunneling allows remote access to the database as if it were a direct connection.
You need to deploy the tunnel.php script included in the provider package on the web server. It allows access to the database server using HTTP tunneling. The script must be accessible through the HTTP protocol. You can check if it is accessible using a web browser. You can find the script in the HTTP subfolder of the installed provider folder, such as %Program Files%\Devart\UniDac for Delphi X\HTTP\tunnel.php. The only requirement is that the server must support PHP 5.
To connect to the database via HTTP tunneling, first configure TUniConnection as for a direct connection from the web server. Then, set the Protocol option to mpHttp and provide the following HTTP tunneling parameters:
| Specific Option | Required | Description |
|---|---|---|
HttpUrl |
Yes | The URL of the tunneling PHP script. For example, if the script is in the server root, the URL can be http://localhost/tunnel.php. |
HttpUsername, HttpPassword |
No | A registered user credentials. Set these properties if access to the website folder with the script is available only for registered users authenticated with a username and password. |
Consider the previous case with one more complication.
The HTTP tunneling server is not directly accessible from the client computer. For example, the client address is 10.0.0.2, the server address is 192.168.0.10, and the database server is listening on port 3307. Since the client and the server are on different networks, the client can only access the server through a proxy located at 10.0.0.1 and listening on port 808. In this case, in addition to the HTTP-specific options, you need to set the proxy-specific options.
UniConnection := TUniConnection.Create(self);
UniConnection.ProviderName := '<provider_name>';
UniConnection.Server := '192.168.0.10';
UniConnection.Port := 3307;
UniConnection.Username := '<user>';
UniConnection.Password := '<password>';
UniConnection.SpecificOptions.Values['Protocol'] := 'mpHttp';
UniConnection.SpecificOptions.Values['HttpUrl'] := 'http://server/tunnel.php';
UniConnection.SpecificOptions.Values['ProxyHostname'] := '10.0.0.1';
UniConnection.SpecificOptions.Values['ProxyPort'] := '808';
UniConnection.SpecificOptions.Values['ProxyUsername'] := '<proxy_user>';
UniConnection.SpecificOptions.Values['ProxyPassword'] := '<proxy_password>';
UniConnection.Connect;Note that when proxy-specific options are configured, UniDAC will automatically route the connection through the specified proxy server.
Remember that traffic tunneling or encryption increases CPU usage and network load. Direct connections are recommended whenever possible.