Pentest-Report Vitess 02.2019
MSc. N. Krein, MSc. D. Weißer, J. Larsson ... Index: Introduction; Scope; Test Methodology; Phase 1. Manual Code Auditing; Phase 2. Code-Assisted Penetration Testing; Miscellaneous Issues; VIT-01-001 MySQL: ... goals that were closely linked to the areas in scope. The initial phase (Phase 1) mostly comprised manual source code reviews, in particular in terms of the API endpoints, input handlers and parsers. The ... Kubernetes environment. ... Phase 1. Manual Code Auditing: The following list of items presents the noteworthy steps undertaken during the first part of the test, which entailed the manual code audit of the sources
0 points | 9 pages | 155.02 KB | 1 year ago

Vitess security audit
functions”. These two issues allowed a malicious user to create a resource that would then subsequently disallow other operations for other users. For example, a user could create a malicious shard that would ... The issues were more significant for Vitess deployments that include the VTAdmin component, since a user with the lowest level of privileges in VTAdmin could cause denial of service for all other users in ... requests: 1) It first authenticates the request, and 2) it then checks the authorization level for the user sending the request. In VTAdmin, authentication is the task of obtaining the actor that is sending
0 points | 41 pages | 1.10 MB | 1 year ago

The Vitess 8.0 Documentation
TABLE; Vitess table lifecycle; Lifecycle subsets and configuration; Automated lifecycle; User-facing DROP TABLE lifecycle; Tablet throttler ... as master ... User Guides ... description: User guides covering advanced configuration concepts
0 points | 331 pages | 1.35 MB | 1 year ago

The Vitess 6.0 Documentation
as master ... User Guides ... User and Permission Management ... shards. The keyspace ID itself is computed using a function of some column in your data, such as the user ID. Vitess allows you to choose from a variety of functions (vindexes) to perform this mapping. This
0 points | 210 pages | 846.79 KB | 1 year ago

The Vitess 5.0 Documentation
as master ... User Guides ... User and Permission Management ... shards. The keyspace ID itself is computed using a function of some column in your data, such as the user ID. Vitess allows you to choose from a variety of functions (vindexes) to perform this mapping. This
0 points | 206 pages | 875.06 KB | 1 year ago

The Vitess 9.0 Documentation
User-facing DROP TABLE lifecycle ... as master ... User Guides ... commerce keyspace ... User Management and Authentication
0 points | 417 pages | 2.96 MB | 1 year ago

The Vitess 7.0 Documentation
as master ... User Guides ... User and Permission Management ... a root node. The root node produces the final results of the query and delivers the results to the user. Observing Execution Plans: Cached execution plans can be observed at the VTGate level by browsing
0 points | 254 pages | 949.63 KB | 1 year ago

The Vitess 11.0 Documentation
User-facing DROP TABLE lifecycle ... master ... User Guides ... commerce keyspace ... User Management and Authentication
0 points | 481 pages | 3.14 MB | 1 year ago

The Vitess 10.0 Documentation
User-facing DROP TABLE lifecycle ... as master ... User Guides ... commerce keyspace ... User Management and Authentication
0 points | 455 pages | 3.07 MB | 1 year ago

The Vitess 12.0 Documentation
as primary ... User Guides ... commerce keyspace ... User Management and Authentication ... description: User guides for features in older version of Vitess
0 points | 534 pages | 3.32 MB | 1 year ago