JDBC URL: Short And Secure

For years, Oracle SQL*Net offered a secured connection to the database and a prevalent unencrypted one. With the Zero Trust Architecture, that is no longer an option; you should get ready for end-to-end encryption in any environment, including your workstation.

I won't rephrase Oracle Database documentation on transport security and leave the comprehensive connection descriptor publication out of my scope.

I always wonder why SQL*Net offers a nice and clean "Easy Connection" format for plain connections and a TNS-formatted string for secured links.

According to the documentation, an easy connection descriptor is:

jdbc:oracle:thin:@listener.address:1521/service.name

And the simplest security connection descriptor looks like this:

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=
                   (PROTOCOL=TCPS)(PORT=15022)(HOST=listener.address))
                   (CONNECT_DATA=(SERVICE_NAME=service.name)))

That kind of language gives a lot of grief to CLI enthusiasts and leads to errors-prone connection description. But to my amusement and great relief, SQL*Net and JDBC drivers are, in fact, URI-compliant. So, for testing and development purposes, you can use an easy and secure JDBC URL:

jdbc:oracle:thin:@tcps://listener.address:15022/service.name

The main difference is a protocol descriptor tcps:// instructing the JDBC driver to use secured sockets. This connector URI works well for base-level configurations or development and testing purposes, while TNS descriptors have no alternative for advanced security settings and highly available environments.