standalone tool (vtctl) and client- server (vtctlclient in combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl that routes traffic to the correct VTTablet servers and returns consolidated results back to the client. It speaks both the MySQL Protocol and the Vitess gRPC protocol. Thus, your applications can connect sudo apt-get install -y mysql-server mysql-client make unzip g++ etcd curl git wget # Debian sudo apt-get install -y default -mysql-server default -mysql-client make unzip g++ etcd curl wget 21 The services

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Client authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381 Generating client certificates with easy-rsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . are handled by Vitess and how they are handled. System variable Handled autocommit VitessAware client_found_rows VitessAware skip_query_plan_cache VitessAware tx_read_only VitessAware transaction_read_only

are handled by Vitess and how they are handled. System variable Handled autocommit VitessAware client_found_rows VitessAware skip_query_plan_cache VitessAware tx_read_only VitessAware transaction_read_only mit ReservedConn binlog_format CheckAndIgnore block_encryption_mode CheckAndIgnore character_set_client CheckAndIgnore character_set_connection CheckAndIgnore character_set_database CheckAndIgnore cha standalone tool (vtctl) and client- server (vtctlclient in combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl

are handled by Vitess and how they are handled. System variable Handled autocommit VitessAware client_found_rows VitessAware skip_query_plan_cache VitessAware tx_read_only VitessAware transaction_read_only mit ReservedConn binlog_format CheckAndIgnore block_encryption_mode CheckAndIgnore character_set_client CheckAndIgnore character_set_connection CheckAndIgnore character_set_database CheckAndIgnore cha standalone tool (vtctl) and client- server (vtctlclient in combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl

are handled by Vitess and how they are handled. System variable Handled autocommit VitessAware client_found_rows VitessAware skip_query_plan_cache VitessAware tx_read_only VitessAware transaction_read_only mit ReservedConn binlog_format CheckAndIgnore block_encryption_mode CheckAndIgnore character_set_client CheckAndIgnore character_set_connection CheckAndIgnore character_set_database CheckAndIgnore cha standalone tool (vtctl) and client- server (vtctlclient in combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl

are handled by Vitess and how they are handled. System variable Handled autocommit VitessAware client_found_rows VitessAware skip_query_plan_cache VitessAware tx_read_only VitessAware transaction_read_only mit ReservedConn binlog_format CheckAndIgnore block_encryption_mode CheckAndIgnore character_set_client CheckAndIgnore character_set_connection CheckAndIgnore character_set_database CheckAndIgnore cha standalone tool (vtctl) and client- server (vtctlclient in combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl

that routes traffic to the correct VTTablet servers and returns consolidated results back to the client. It speaks both the MySQL Protocol and the Vitess gRPC protocol. Thus, your applications can connect sudo apt-get install -y mysql-server mysql-client make unzip g++ etcd curl git wget # Debian sudo apt-get install -y default -mysql-server default -mysql-client make unzip g++ etcd curl wget The services sh kubectl create -f example/deployment.yaml 4. Install the MySQL client locally. For example, on Ubuntu: apt-get install mysql-client 5. Install vtctlclient locally: • Install go 1.12+ • go get vitess

that routes traffic to the correct VTTablet servers and returns consolidated results back to the client. It speaks both the MySQL Protocol and the Vitess gRPC protocol. Thus, your applications can connect sudo apt-get install -y mysql-server mysql-client make unzip g++ etcd curl git wget # Debian sudo apt-get install -y default -mysql-server default -mysql-client make unzip g++ etcd curl wget The services helm-v3.* # copy linux-amd64/helm into your path 4. Install the MySQL client locally. For example, on Ubuntu: apt install mysql-client 5. Install vtctlclient locally: If you are familiar with Go development

branch master commit 092479406b27ae61a8fcd146a0e08af2d51a7245 ◦ Furthermore, the minimal reference client https://github.com/vitessio/messages was used as additional illustration of use-cases. ▪ branch OR sha1(sha1(pw)) Server -> Client: salt (randomly generated for each connection attempt) Client -> Server: sha1(pw) ^ sha1(salt + sha1(sha1(pw))) Server computes: sha1(client_response ^ sha1(salt + sha1(sha1(pw))) as plain-text, Vitess spares itself the final SHA1 operation on the server-side and compares the client's authentication token directly with its own version of the scrambled password, rendering the attack

Authentication and authorization are done at the VTAdmin-api level, not VTAdmin-web; VTAdmin-web is merely a client. In other words, authentication and authorization are not enforced when using the web UI - VTAdmin-web running VTAdmin deployment, and 2) an app that is responsible for authenticating the VTAdmin-web client. File system Trust increases when an actor obtains access to the local file system. An attacker be able to send requests to the VTAdmin-api server or have access to an authenticated VTAdmin-web client, but once they have obtained that, the attack complexity is simple; An attacker will launch an attack