Describes methods to securely connect to Autonomous Database.
- About Connecting to a Dedicated Autonomous Database
- Connect to Autonomous Database Using a Client Application
- Download Client Credentials
- Connect to Autonomous Database Using Oracle Database Tools
- Oracle Call Interface (OCI) Connections and Wallets
- Predefined Database Service Names for Autonomous Databases
- Connect Applications to Autonomous Database
- Connect with Oracle Cloud Infrastructure FastConnect
- Restrict Access Using a Network Access Control List
About Connecting to a Dedicated Autonomous Database
Applications and tools connect to a dedicated Autonomous Database using Oracle Net Services (also known as SQL*Net). Oracle Net Services enables a network session from a client application to an Oracle Database server.
When a network session is established, Oracle Net Services acts as the data courier for both the client application and the database. It is responsible for establishing and maintaining the connection between the client application and the database, as well as exchanging messages between them.
Oracle Net Services support a variety of connection types to the Autonomous Database, including:
Oracle Call Interface (OCI), which is used by many applications written in C language. Examples include Oracle utilities such as Oracle SQL*Plus, SQL*Loader, and Oracle Data Pump.
ODBC drivers, which can be used by applications running on Microsoft Windows, are layered over Oracle Call Interface (OCI).
JDBC OCI, which is used by Java language applications. JDBC OCI adds a layer over Oracle Call Interface for Java applications. The Oracle SQLcl command-line interface uses JDBC OCI.
JDBC Thin Driver, also for Java applications, is a pure Java driver. Oracle SQL Developer supports JDBC Thin Driver connections.
Third-party products and custom applications may use any of these connection types.
Secure Connections to Autonomous Database
The network path to a dedicated Autonomous Database is through a VCN (virtual cloud network) and subnet defined by the dedicated infrastucture hosting the database. Usually, the subnet is defined as private, meaning that there is no public Internet access to databases.
Autonomous Database provides several pairs of database services to use when connecting to your dedicated database. In each pair, one of the pair provides a secure TCP (TCPS) connection using the TLS protocol, and the other provides a TCP connection. In all other respects, the two members of a pair are the same. To ensure security of data in transit, Oracle strongly recommends that you use a secure connection, even if the database is only available through a private subnet. If you are familiar with using an Oracle Database within your own data center, you may not have previously used these secure connections.
To provide the secure connection, certification authentication uses an encrypted key stored in a wallet on both the client (where the application is running) and the server (where your dedicated Autonomous Database is running). The key on the client must match the key on the server to make a connection. A wallet contains a collection of files, including the key and other information needed to connect to your database . All communications between the client and the server are encrypted.