The hash of the latest block in the database ledger is called the *database digest*. It represents the state of all ledger tables in the database at the time when the block was generated. Generating a database digest is efficient, because it involves computing only the hashes of the blocks that were recently appended.
22
+
The hash of the latest block in the database ledger is called the *database digest*. It represents the state of all ledger tables in the database at the time when the block was generated. Generating a database digest is efficient, because it involves computing only the hashes of the blocks that were recently appended.
23
23
24
-
Database digests can be generated either automatically by the system or manually by the user. You can use them later to verify the integrity of the database.
24
+
Database digests can be generated either automatically by the system or manually by the user. You can use them later to verify the integrity of the database.
25
25
26
26
Database digests are generated in the form of a JSON document that contains the hash of the latest block, together with metadata for the block ID. The metadata includes the time that the digest was generated and the commit time stamp of the last transaction in this block.
27
27
@@ -34,8 +34,7 @@ The verification process and the integrity of the database depend on the integri
34
34
35
35
Ledger integrates with the [immutable storage feature of Azure Blob Storage](/azure/storage/blobs/immutable-storage-overview) and [Azure Confidential Ledger](/azure/confidential-ledger/index). This integration provides secure storage services in Azure to help protect the database digests from potential tampering. This integration provides a simple and cost-effective way for users to automate digest management without having to worry about their availability and geographic replication. Azure Confidential Ledger has a stronger integrity guarantee for customers who might be concerned about privileged administrators access to the digest. [This table](/azure/architecture/guide/technology-choices/multiparty-computing-service#confidential-ledger-and-azure-blob-storage) compares the immutable storage feature of Azure Blob Storage with Azure Confidential Ledger.
36
36
37
-
You can configure automatic generation and storage of database digests through the Azure portal, PowerShell, or the Azure CLI. For more information, see [Enable automatic digest storage](ledger-how-to-enable-automatic-digest-storage.md). When you configure automatic generation and storage, database digests are generated on a predefined interval of 30 seconds and uploaded to the selected storage service. If no transactions occur on the system in the 30-second interval, a database digest won't be generated and uploaded. This mechanism ensures that database digests are generated only when data has been updated in your database. When the endpoint is an Azure Blob Storage, the Azure SQL database server will create a new container, named **sqldbledgerdigests** and use a naming pattern like:
38
-
ServerName/DatabaseName/CreationTime. The creation time is needed because a database with the same name can be dropped and recreated or restored, allowing for different "incarnations" of the database under the same name. See [Digest Management Considerations](ledger-digest-management.md).
37
+
You can configure automatic generation and storage of database digests through the Azure portal, PowerShell, or the Azure CLI. For more information, see [Enable automatic digest storage](ledger-how-to-enable-automatic-digest-storage.md). When you configure automatic generation and storage, database digests are generated on a predefined interval of 30 seconds and uploaded to the selected storage service. If no transactions occur on the system in the 30-second interval, a database digest won't be generated and uploaded. This mechanism ensures that database digests are generated only when data has been updated in your database. When the endpoint is an Azure Blob Storage, the Azure SQL database server creates a new container, named **sqldbledgerdigests** and uses a naming pattern like: `ServerName/DatabaseName/CreationTime`. The creation time is needed because a database with the same name can be dropped and recreated or restored, allowing for different "incarnations" of the database under the same name. For more information, see [Digest Management Considerations](ledger-digest-management.md).
39
38
40
39
> [!NOTE]
41
40
> For SQL Server, the container needs to be created manually by the user.
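Review bot: In the added line 37, "creates a new container, named **sqldbledgerdigests** and uses a naming pattern like:" has an unpaired comma and leaves unclear what the pattern names, since the container already has a fixed name. If `ServerName/DatabaseName/CreationTime` is the path of the digests inside the container, say so, for example "creates a new container named **sqldbledgerdigests** and stores digests under a path like `ServerName/DatabaseName/CreationTime`". "When the endpoint is an Azure Blob Storage" in the same line would also read better as "When the endpoint is Azure Blob Storage". Merging the pattern into the paragraph as inline code is fine, but the paragraph is now long enough that the naming detail and the "incarnations" explanation could be split into a paragraph of their own.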
@@ -56,7 +55,7 @@ If you use **SQL Server**, you have to create a shared access signature (SAS) on
56
55
57
56
The following example assumes that an Azure Storage container, a policy, and a SAS key have been created. This is needed by SQL Server to access the digest files in the container.
58
57
59
-
In the following code snippet, replace `<your SAS key>` with the SAS key. The SAS key will look like `'sr=c&si=<MYPOLICYNAME>&sig=<THESHAREDACCESSSIGNATURE>'`.
58
+
In the following code snippet, replace `<your SAS key>` with the SAS key. The SAS key looks like `'sr=c&si=<MYPOLICYNAME>&sig=<THESHAREDACCESSSIGNATURE>'`.
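Review bot: On the added line 58, the sample value sits inside single quotes within the code span (`'sr=c&si=<MYPOLICYNAME>&sig=<THESHAREDACCESSSIGNATURE>'`), while the instruction tells the reader to replace only `<your SAS key>`, so it is not clear whether the quotes belong to the key or to the statement that surrounds the placeholder. Suggest either dropping the quotes from the sample or stating that they are the string delimiters in the snippet. While this paragraph is being touched, the context sentence above it, "This is needed by SQL Server to access the digest files in the container", has a vague "This" and could name the container, policy, and SAS key directly.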
@@ -92,8 +91,9 @@ The returned result set is a single row of data. It should be saved to the trust
92
91
```
93
92
94
93
#### Permissions
95
-
Generating database digests requires the `GENERATE LEDGER DIGEST` permission. For details on permissions related to ledger tables, see [Permissions](../permissions-database-engine.md).
96
-
>
94
+
95
+
Generating database digests requires the `GENERATE LEDGER DIGEST` permission. For details on permissions related to ledger tables, see [Permissions](../permissions-database-engine.md).