Vitess security audit
PRESENTS Vitess security audit. In collaboration with the Vitess maintainers, Open Source Technology Improvement Fund and The Linux Foundation. Authors: Adam Korczynski, David Korczynski. Creative Commons 4.0 (CC BY 4.0). Vitess Security Audit, 2023.
Table of contents: Executive summary; Notable findings; Project Summary; Audit Scope; Threat model formalisation; Conclusions
Executive summary: In March and April 2023, Ada Logics carried out a security audit of Vitess. The primary focus of the audit was a new component of Vitess
0 points | 41 pages | 1.10 MB | 1 year ago
Pentest-Report Vitess 02.2019
for horizontal scaling of MySQL” From https://vitess.io/
This report documents the results of a security assessment targeting the Vitess software database scaler. Funded by the CNCF / The Linux Foundation
relevant code and documentation was granted. While the first project meeting provided the basis for the audit, a more ad-hoc kick-off meeting ensured that no major hurdles emerged. A
Cure53, Berlin · 03/08/19
may suggest some kind of test limitations, they in fact prove that the Vitess team delivers on the security promises they make. In Cure53’s view, there is a clear intention and follow-through on providing
0 points | 9 pages | 155.02 KB | 1 year ago
The Vitess 11.0 Documentation
Transport Security Model
query_prealloc_size: NoOp; sql_buffer_result: NoOp; transaction_alloc_block_size: NoOp; wait_timeout: NoOp; audit_log_read_buffer_size: NotSupported; auto_increment_increment: NotSupported; auto_increment_offset: NotSupported
combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify master and replica databases, create
0 points | 481 pages | 3.14 MB | 1 year ago
The Vitess 10.0 Documentation
Transport Security Model
query_prealloc_size: NoOp; sql_buffer_result: NoOp; transaction_alloc_block_size: NoOp; wait_timeout: NoOp; audit_log_read_buffer_size: NotSupported; auto_increment_increment: NotSupported; auto_increment_offset: NotSupported
combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify master and replica databases, create
0 points | 455 pages | 3.07 MB | 1 year ago
The Vitess 12.0 Documentation
Transport Security Model
query_prealloc_size: NoOp; sql_buffer_result: NoOp; transaction_alloc_block_size: NoOp; wait_timeout: NoOp; audit_log_read_buffer_size: NotSupported; auto_increment_increment: NotSupported; auto_increment_offset: NotSupported
combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify primary and replica databases, create
0 points | 534 pages | 3.32 MB | 1 year ago
The Vitess 9.0 Documentation
Transport Security Model
query_prealloc_size: NoOp; sql_buffer_result: NoOp; transaction_alloc_block_size: NoOp; wait_timeout: NoOp; audit_log_read_buffer_size: NotSupported; auto_increment_increment: NotSupported; auto_increment_offset: NotSupported
combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify master and replica databases, create
0 points | 417 pages | 2.96 MB | 1 year ago
The Vitess 8.0 Documentation
Transport Security Model
sql_buffer_result: NoOp; transaction_alloc_block_size: NoOp; wait_timeout: NoOp
System variable | Handled
audit_log_read_buffer_size: NotSupported; auto_increment_increment: NotSupported; auto_increment_offset: NotSupported
combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify master and replica databases, create
0 points | 331 pages | 1.35 MB | 1 year ago
The Vitess 7.0 Documentation
Transport Security Model
combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify master and replica databases, create
Reverse the lock order here. – then rollout a configuration to just use the new service.
Transport Security Model
Vitess exposes a few RPC services, and internally also uses RPCs. These RPCs may use secure
0 points | 254 pages | 949.63 KB | 1 year ago
The Vitess 6.0 Documentation
Transport Security Model
authentication plugin. Support for caching_sha2_password can be tracked in #5399.
Transport Security
To configure VTGate to support TLS set -mysql_server_ssl_cert and -mysql_server_ssl_key. Client
the lock order here. – then rollout a configuration to just use the new service.
Transport Security Model
Vitess exposes a few RPC services, and internally also uses RPCs. These RPCs may use secure
0 points | 210 pages | 846.79 KB | 1 year ago
The Vitess 5.0 Documentation
Transport Security Model
d authentication plugin. Support for caching_sha2_password can be tracked in #5399.
Transport Security
To configure VTGate to support TLS set -mysql_server_ssl_cert and -mysql_server_ssl_key. Client
Reverse the lock order here. – then rollout a configuration to just use the new service.
Transport Security Model
Vitess exposes a few RPC services, and internally also uses RPCs. These RPCs may use secure
0 points | 206 pages | 875.06 KB | 1 year ago
10 results in total