keyspaces” and “ADA-VIT-SA23-12, VTAdmin users that can create shards can deny access to other functions”. These two issues allowed a malicious user to create a resource that would then subsequently disallow from the table below; For example, a fully untrusted user can also be a contributor to a 3rd-party library used by VTAdmin. Actor Description Have already escalated privileges Fully untrusted users Users k8stopo Low No 12 ADA-VIT-SA23-12 VTAdmin users that can create shards can deny access to other functions Moderate Yes 16 Vitess Security Audit, 2023 ADA-VIT-SA23-1: Missing documentation on deploying

. . . . 46 Locking functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Locking Functions 46 Functions covered . . . . . . of some column in your data, such as the user ID. Vitess allows you to choose from a variety of functions (vindexes) to perform this mapping. This allows you to choose the right one to achieve optimal distribution value can be changed by using the vtgate flag -mysql_server_version. Special functions There are a few special functions that Vitess handles without delegating to MySQL. • DATABASE() - The keyspace name

. . . . 42 Locking functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Locking Functions 44 Functions covered . . . . . . of some column in your data, such as the user ID. Vitess allows you to choose from a variety of functions (vindexes) to perform this mapping. This allows you to choose the right one to achieve optimal distribution value can be changed by using the vtgate flag -mysql_server_version. 21 Special functions There are a few special functions that Vitess handles without delegating to MySQL. • DATABASE() - The keyspace name

. . . . . . . 53 Locking functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Locking Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Functions covered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . of some column in your data, such as the user ID. Vitess allows you to choose from a variety of functions (vindexes) to perform this mapping. This allows you to choose the right one to achieve optimal distribution

. . . . 41 Locking functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Locking Functions 43 Functions covered . . . . . . of some column in your data, such as the user ID. Vitess allows you to choose from a variety of functions (vindexes) to perform this mapping. This allows you to choose the right one to achieve optimal distribution application will set it to, and Vitess can use connection pooling. 20 Special functions There are a few special functions that Vitess handles without delegating to MySQL. • DATABASE() - The keyspace name

of some column in your data, such as the user ID. Vitess allows you to choose from a variety of functions (vindexes) to perform this mapping. This allows you to choose the right one to achieve optimal distribution events from the binary log of the underlying MySQL instance. This allows for efficient execution of functions such as VReplication where a subscriber can indirectly receive events from the binary logs of one can also migrate tables into different databases and scale up or down the number of shards. These functions are performed non-intrusively, completing most data transitions with just a few seconds of read-only

of some column in your data, such as the user ID. Vitess allows you to choose from a variety of functions (vindexes) to perform this mapping. This allows you to choose the right one to achieve optimal distribution allowed to lag far behind the master because replication needs to be stopped to perform some of these functions. In our use case, we are provisioning one rdonly replica per shard in order to perform resharding can also migrate tables into different databases and scale up or down the number of shards. These functions are performed non-intrusively, completing most data transitions with just a few seconds of read-only

of some column in your data, such as the user ID. Vitess allows you to choose from a variety of functions (vindexes) to perform this mapping. This allows you to choose the right one to achieve optimal distribution the application will set it to, and Vitess can use connection pooling. Special functions There are a few special functions that Vitess handles without delegating to MySQL. • DATABASE() - The keyspace name keyspace name. (This also applies to the synonym SCHEMA()) • ROW_COUNT() and FOUND_ROWS() - These functions returns how many rows the last query affected/returned. Since this might have been executed on a

of some column in your data, such as the user ID. Vitess allows you to choose from a variety of functions (vindexes) to perform this mapping. This allows you to choose the right one to achieve optimal distribution events from the binary log of the underlying MySQL instance. This allows for efficient execution of functions such as VReplication where a subscriber can indirectly receive events from the binary logs of one can also migrate tables into different databases and scale up or down the number of shards. These functions are performed non-intrusively, completing most data transitions with just a few seconds of read-only

exposed by vtlctld and the same functions that are also reachable via vtctlclient. • Despite this being only an administrative functionality, a typical example for such functions interacting with the file system