Sometimes it is good to go back to the basics. Connection between Autonomous database and the client is always encrypted with TLS. Depending on the network access type, either it has to be mutual (mTLS) or TLS only. Why this is important? Well, I can think of couple good reasons. If I allow "secure access from everywhere" to my database then I would want to ensure only the clients that I shared necessary information (in this case a wallet) should be able to access it. Other logical options are allowing access only from the network addresses that I know, like my own IP address or from private network that I trust.
So I will be writing a small piece of java code to test it. It is all about setting my environment and constructing JDBC connection string. So at the minimum I add jdbc driver to my pom file. You might want to use UCP for your applications, it will be the same. I will be following official documentation
1 In order to connect with a Wallet, I download the wallet from console, unzip it then use the folder as my TNS_ADMIN. Connection string looks like
jdbc:oracle:thin:@{CONNECT_DENTIFIER}?{TNS_ADMIN}As you will see there are different ways to construct it: Wallet folder can be set as a system property or passed as a query string. Here is a small sample code
2 If I can restrict access to my autonomous database with an access controll list (ACL) or connect with a private endpoint in a private subnet then I can uncheck Require mutual TLS (mTLS) authentication checkbox then I can connect to this database without a wallet. Connection is still encrypted with TLS.
No comments:
Post a Comment